4880 matches found
EUVD-2025-200983
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...
CVE-2025-55182
CVE-2025-55182 is a pre-auth remote code execution vulnerability in React Server Components (versions 19.0.0, 19.1.0, 19.1.1, 19.2.0) affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The issue arises from unsafe deserialization of payloads in HTTP reque...
CVE-2025-55182: React and Next.js Server Functions Deserialization RCE
...
Meta React Server Components 安全漏洞
React Server Components is a new component model in the React Framework that allows components to run and render on the server and not execute in the client browser. Meta React Server Components has a remote code execution vulnerability that stems from a lack of security checks when parsing...
PT-2025-48817
Name of the Vulnerable Software and Affected Versions React Server Components versions 19.0.0 through 19.2.0 Description A pre-authentication remote code execution issue exists in React Server Components, specifically affecting the react-server-dom-parcel, react-server-dom-turbopack, and...
PT-2026-4812
Name of the Vulnerable Software and Affected Versions React versions 19.0.0 through 19.2.3 react-server-dom-webpack versions 19.0.0 through 19.2.3 react-server-dom-parcel versions 19.0.0 through 19.2.3 react-server-dom-turbopack versions 19.0.0 through 19.2.3 Next.js versions 13.x through 16.x...
Node.js React Server Components Unauthenticated Remote Code Execution (CVE-2025-55182)
Multiple Node.js React Server Components packages are affected by an unauthenticated remote code execution vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0, 19.1.0, 19.1.1, 19.2.0 - react-server-dom-parcel 19.0, 19.1.0, 19.1.1, 19.2.0 -...
Next.js Framework React Server Components Remote Code Execution (CVE-2025-55182)
The Next.js Framework on the remote host is affected by a remote code execution vulnerability: - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel,...
EUVD-2025-200281
Malicious code in wfui-dbd-react-ui npm...
MAL-2025-191668 Malicious code in wfui-dbd-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49a931af71a32dfa7644c29cca564d41bd857fa8cdea4956e0764cd224834ad The package wfui-dbd-react-ui was found to contain malicious code. Source: ghsa-malware...
Malicious code in wfui-dbd-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49a931af71a32dfa7644c29cca564d41bd857fa8cdea4956e0764cd224834ad The package wfui-dbd-react-ui was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-200282
Malicious code in wfui-dsm-react-ui npm...
MAL-2025-191669 Malicious code in wfui-dsm-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ab7eb463079033f35833ad6226f3db96e8b3e17ed382e0868d2ad823af5bb34 The package wfui-dsm-react-ui was found to contain malicious code. Source: ghsa-malware...
Malicious code in wfui-dsm-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ab7eb463079033f35833ad6226f3db96e8b3e17ed382e0868d2ad823af5bb34 The package wfui-dsm-react-ui was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview eslint-plugin-react-hooks-published is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...
Malicious Package
Overview react-animated-glow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-200195
Malicious code in react-animated-glow npm...
MAL-2025-191550 Malicious code in react-animated-glow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c046e67371a339da9e3c12d108f16059eb5eed933f54d51b3429a77effdcdf8a The package react-animated-glow was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-animated-glow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c046e67371a339da9e3c12d108f16059eb5eed933f54d51b3429a77effdcdf8a The package react-animated-glow was found to contain malicious code. Source: ghsa-malware...