CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2025/09/16 1:18 a.m.•2 views

Malicious code in react-complaint-image (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33876ade4179ec201d0e343ecacda0c424494710ea95d2c31722e32b7af5fe5c Any computer that has this package installed or running should be considered fully compromised. All...

7.1AI score

vulnersOsv•added 2025/09/16 1:18 a.m.•4 views

react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)

react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47341...

OSV•added 2025/09/16 1:18 a.m.•1 views

MAL-2025-47341 Malicious code in react-complaint-image (npm)

7.1AI score

OSSF Malicious Packages•added 2025/09/15 11:45 p.m.•2 views

Malicious code in @ctrl/react-adsense (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc78e701d6941c16bc77a99580c74125deb3045bfb62ccee9917be54177617e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

vulnersOsv•added 2025/09/15 7:39 a.m.•5 views

react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)

react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: SNYK:JS-REACTCOMPLAINTIMAGE-12705089...

Embedded Malicious Code

vulnersOsv•added 2025/09/15 7:39 a.m.•5 views

@opencloning/opencloning-elabftw (>=1.6.0 <=1.7.3), @opencloning/ui (>=1.0.1 <=1.7.3) +7 more potentially affected by unknown CVE via @teselagen/react-table (>=6.10.13 <=6.10.18)

@teselagen/react-table NPM version =6.10.13, =1.6.0, =1.0.1, =0.0.15, =0.0.14, =0.5.7, =10.1.61, =18.3.6, =28.0.0, =30.15.8 Source cves: unknown CVE Source advisory: SNYK:JS-TESELAGENREACTTABLE-12743716...

vulnersOsv•added 2025/09/15 7:39 a.m.•6 views

@opencloning/opencloning-elabftw (>=1.6.0 <=1.7.3), @opencloning/ui (>=1.0.1 <=1.7.3) +8 more potentially affected by unknown CVE via @teselagen/react-list (>=0.8.16 <=0.8.18)

@teselagen/react-list NPM version =0.8.16, =1.6.0, =1.0.1, =0.0.15, =6.10.1, =0.0.14, =0.5.7, =10.1.14, =18.3.6, =28.0.0, =30.15.8 Source cves: unknown CVE Source advisory: SNYK:JS-TESELAGENREACTLIST-12744522...

Embedded Malicious Code

Embedded Malicious Code

Embedded Malicious Code

vulnersOsv•added 2025/09/15 7:39 a.m.•7 views

open-vector-editor (>=10.1.61 <=18.3.6), ove-electron (=1.2.8) +2 more potentially affected by unknown CVE via tg-client-query-builder (=2.14.3)

tg-client-query-builder NPM version =2.14.3 is affected by a known vulnerability. The following packages have a transitive dependency on tg-client-query-builder and may be impacted: - open-vector-editor =10.1.61, =18.3.6, =29.0.7, =30.15.8 Source cves: unknown CVE Source advisory:...

vulnersOsv•added 2025/09/15 7:39 a.m.•2 views

@crowdstrike/alloy-react (>=0.0.2 <=0.0.5) potentially affected by unknown CVE via @crowdstrike/foundry-js (=0.17.1)

@crowdstrike/foundry-js NPM version =0.17.1 is affected by a known vulnerability. The following packages have a transitive dependency on @crowdstrike/foundry-js and may be impacted: - @crowdstrike/alloy-react =0.0.2, =0.0.5 Source cves: unknown CVE Source advisory:...

Snyk•added 2025/09/15 7:39 a.m.•0 views

Embedded Malicious Code

Embedded Malicious Code

Overview @ctrl/react-adsense is an Adsense component for react Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens...

Embedded Malicious Code

Snyk•added 2025/09/15 7:39 a.m.•3 views

Embedded Malicious Code

vulnersOsv•added 2025/09/15 7:39 a.m.•5 views

@bubbles-ui/leemons (>=1.0.0 <=1.2.277), @imtf/rjsf-conditionals (=5.0.3) +3 more potentially affected by unknown CVE via json-rules-engine-simplified (>=0.1.17 <=0.2.0)

json-rules-engine-simplified NPM version =0.1.17, =1.0.0, =0.1.0, =0.1.17, =0.1.1, =0.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-JSONRULESENGINESIMPLIFIED-12704864...