Exploit for CVE-2026-26903

CVE-2026-26903 PoC Denial-of-service via unbounded recursio...

MAL-2026-1837 Malicious code in react-query-core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bce94f40a0e1879b184cd9f5abb5f4850d66aa5705b231b41337c2e2e33a3de The package react-query-core-utils was found to contain malicious code...

Malicious code in react-query-core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bce94f40a0e1879b184cd9f5abb5f4850d66aa5705b231b41337c2e2e33a3de The package react-query-core-utils was found to contain malicious code...

MAL-2026-1553 Malicious code in typescript-react-query (npm)

The package 'typescript-react-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in @sev-ui-verse/react-query-client (npm)

The package @sev-ui-verse/react-query-client was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 665474d528ec1e43349cea649e53f67e00e56ef1f98b376e17c5a672fa0a7270 Any computer that has this package installed or running should be...

MAL-2025-47545 Malicious code in @sev-ui-verse/react-query-utils (npm)

The package @sev-ui-verse/react-query-utils was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7159ac6527ad39a63e64403ef1ba63e8895558c89c17cf8355a6bfee386a761 Any computer that has this package installed or running should be...

MAL-2025-47544 Malicious code in @sev-ui-verse/react-query-client (npm)

The package @sev-ui-verse/react-query-client was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 665474d528ec1e43349cea649e53f67e00e56ef1f98b376e17c5a672fa0a7270 Any computer that has this package installed or running should be...

Malicious code in react-query-persist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 510db02a90f329eb7d168ccd3c9ae2f89d81e24f4dae93823b0b1fdac4bf2256 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4874 Malicious code in react-query-persist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 510db02a90f329eb7d168ccd3c9ae2f89d81e24f4dae93823b0b1fdac4bf2256 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2024-20448 · Npm · @Tanstack/React-Query-Next-Experimental

Name of the Vulnerable Software and Affected Versions: @tanstack/react-query-next-experimental versions prior to 5.18.0 Description: The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either...