Malicious code in react-scripts-cep (npm)

The package react-scripts-cep was found to contain malicious code...

Malicious code in eui-react-scripts (npm)

The package eui-react-scripts was found to contain malicious code...

MAL-2025-19902 Malicious code in eui-react-scripts (npm)

The package eui-react-scripts was found to contain malicious code...

MAL-2025-31855 Malicious code in react-scripts-cep (npm)

The package react-scripts-cep was found to contain malicious code...

Malicious code in react-scripts-win (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29e804e3b477f180aba3ed9674d889a1e235e2091cca2fd2fe31cd5ef7528978 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1258 Malicious code in react-scripts-win (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29e804e3b477f180aba3ed9674d889a1e235e2091cca2fd2fe31cd5ef7528978 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in snp-react-scripts (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9859 Malicious code in snp-react-scripts (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9856 Malicious code in snap-react-sctipts (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9855 Malicious code in snap-react-scrpits (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9851 Malicious code in snap-react-scipts (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2939 Malicious code in @plangrid-private/react-scripts (npm)

--- -= Per source details. Do not edit below this line.=-...

Security Bulletin: A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services

Summary A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services Vulnerability Details IBM X-Force ID: 217312 DESCRIPTION: Node.js istanbul-reports module could allow a remote attacker to obtain sensitive information, caused by a reverse tabnabbin...

Malicious code in suspicious-react-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b72ddb83c9fbe20fe07636b0a5aedb1c5f788d74050f6027f090bce10b2ab48b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6367 Malicious code in suspicious-react-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b72ddb83c9fbe20fe07636b0a5aedb1c5f788d74050f6027f090bce10b2ab48b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in accenture-react-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 985ac5e6a836ced626f0611678d33c042d2461ef8a7360a50580945b3335d2f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-819 Malicious code in accenture-react-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 985ac5e6a836ced626f0611678d33c042d2461ef8a7360a50580945b3335d2f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

GHSA-5Q6M-3H65-W53X react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

@yaochuxia/roadhog (=1.0.9), svmx-react-scripts (>=1.1.4 <=1.1.17) +1 more potentially affected by CVE-2018-6342 via react-dev-utils (=2.0.1)

react-dev-utils NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-dev-utils and may be impacted: - @yaochuxia/roadhog =1.0.9 - svmx-react-scripts =1.1.4, =0.1.0, =0.1.1 Source cves: CVE-2018-6342 Source advisory:...