4881 matches found
PT-2025-44571
Name of the Vulnerable Software and Affected Versions React Router versions 7.0.0 through 7.9.3 @remix-run/deno versions prior to 2.17.2 @remix-run/node versions prior to 2.17.2 Description The issue concerns a path traversal flaw in React Router and Remix when using the createFileSessionStorage...
PT-2025-44570
Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.8.2 @remix-run/react versions 1.15.0 through 2.17.0 Description A cross-site scripting XSS issue exists in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags. This could allow...
EUVD-2025-36891
Malicious code in react-router-dom.js npm...
Malicious code in react-router-dom.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a54a5d0a9e2cbf3435d04524f79602d94e2a8b49ce9bf676ef37f23e44f1c28c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-49091 Malicious code in react-router-dom.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a54a5d0a9e2cbf3435d04524f79602d94e2a8b49ce9bf676ef37f23e44f1c28c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36746
Malicious code in transform-react-jsx-source npm...
MAL-2025-49050 Malicious code in transform-react-jsx-source (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd1c3c75a248290b6685831711ef1fa1ec32244ea7ab218a36c42a6b5163e560 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview transform-react-jsx-source is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in transform-react-jsx-source (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd1c3c75a248290b6685831711ef1fa1ec32244ea7ab218a36c42a6b5163e560 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview react-naming-convention is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
MAL-2025-49037 Malicious code in react-naming-convention (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f1de3b293c216a9b6c48e3cdb120f41ef3a161e4aaa7be1aa115440108c0f4f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36757
Malicious code in react-naming-convention npm...
Malicious code in react-naming-convention (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f1de3b293c216a9b6c48e3cdb120f41ef3a161e4aaa7be1aa115440108c0f4f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36777
Malicious code in inline-react-svg npm...
Malicious Package
Overview inline-react-svg is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-49011 Malicious code in inline-react-svg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c39f65737779d34f941dcee3ee4e332a0ca54196d2cbc4e848e57e20ecf85893 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in inline-react-svg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c39f65737779d34f941dcee3ee4e332a0ca54196d2cbc4e848e57e20ecf85893 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in twilio-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20ffcb178cf9c4a8cc2e9e550a170ff42fa42a341a71eb80330990ce0fc4fe3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-49057 Malicious code in twilio-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20ffcb178cf9c4a8cc2e9e550a170ff42fa42a341a71eb80330990ce0fc4fe3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36806
Malicious code in twilio-react npm...