4880 matches found
MAL-2025-50729 Malicious code in react-icons-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 224e1d5b1a2b01321da822c843e2013f28320e4b9d4d74487daef59c812557f6 The package react-icons-toolkit was found to contain malicious code. Source: ghsa-malware...
OS Command Injection
@react-native-community/cli is vulnerable to OS Command Injection. The vulnerability is due to an exposed endpoint that accepts attacker-controlled POST data and passes it to system execution paths without proper sanitization, which allows an unauthenticated network attacker to run arbitrary...
@ai-sdk/angular (>=1.1.0-beta.0 <=1.1.0-beta.28), @ai-sdk/langchain (>=1.1.0-beta.0 <=1.1.0-beta.28) +5 more potentially affected by CVE-2025-48985 via ai (>=5.1.0-beta.0 <=5.1.0-beta.8)
ai NPM version =5.1.0-beta.0, =1.1.0-beta.0, =1.1.0-beta.0, =1.1.0-beta.0, =2.1.0-beta.0, =1.1.0-beta.0, =3.1.0-beta.0, =2.1.0-beta.0, =2.1.0-beta.28 Source cves: CVE-2025-48985 Source advisory: SNYK:JS-AI-13863465...
MAL-2025-49368 Malicious code in react-tmedia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2561617d960be4ee063460a87fe4cded553ec3c3f0258fcaae75a27aa92de3b The package react-tmedia was found to contain malicious code. Source: ghsa-malware eb8db46193d662b789371d3c7670652c9d9dca288f0b99daba2791a3410613cf A...
Malicious Package
Overview: react-tmedia is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-37950
Malicious code in react-tmedia npm...
Malicious code in react-tmedia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2561617d960be4ee063460a87fe4cded553ec3c3f0258fcaae75a27aa92de3b The package react-tmedia was found to contain malicious code. Source: ghsa-malware eb8db46193d662b789371d3c7670652c9d9dca288f0b99daba2791a3410613cf A...
MAL-2025-49369 Malicious code in tailwindcss-react-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c6f72d8d64a8612b01ed58fa0bcacd97698a820dcf3b2ebf50dec6e23831065 The package tailwindcss-react-sass was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: tailwindcss-react-sass is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
EUVD-2025-37954
Malicious code in tailwindcss-react-sass npm...
Malicious code in tailwindcss-react-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c6f72d8d64a8612b01ed58fa0bcacd97698a820dcf3b2ebf50dec6e23831065 The package tailwindcss-react-sass was found to contain malicious code. Source: ghsa-malware...
Severe React Native Flaw Exposes Developer Systems to Remote Attacks
JFrog researchers found a critical RCE vulnerability CVE-2025-11953 in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw...
ExploitReport
The Exploit Report — Portfolio React A single-page React si...
EUVD-2025-37866
Malicious code in react-notifications-alert npm...
Malicious Package
Overview: react-notifications-alert is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2025-49361 Malicious code in react-notifications-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fbe66f8e85ad0ad7c2682e9640e0f2a48344bcef9beeaa8de12e5e687744acf The package react-notifications-alert was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-notifications-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fbe66f8e85ad0ad7c2682e9640e0f2a48344bcef9beeaa8de12e5e687744acf The package react-notifications-alert was found to contain malicious code. Source: ghsa-malware...
CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
Exploit for CVE-2025-11953
React Native CLI Command Injection Demo CVE-2025-11953 ⚠...
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...