4876 matches found
Malicious Package
Overview react-spa-shadcn is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in react-spa-npm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43b35510ff33bc6f887152176f91fb63f2a336c8822c151ac6039ccced83c96b The package react-spa-npm was found to contain malicious code. Source: ghsa-malware c9044f471d6c131db0da2c97994b81cd8d2680486695f42dec152b2b23f5e0be...
EUVD-2026-25166
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...
Exploit for Deserialization of Untrusted Data in Facebook React
flight-risk flight risk /flaΙͺt rΙͺsk/ β React's Flight...
Malicious code in @oec-settlement/react-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4beeacddc1773c8aefad734c472151284b868e3a06f4be8886763a0caebb121a The package @oec-settlement/react-router was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2978 Malicious code in @oec-settlement/react-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4beeacddc1773c8aefad734c472151284b868e3a06f4be8886763a0caebb121a The package @oec-settlement/react-router was found to contain malicious code. Source: ossf-package-analysis...
Exploit for CVE-2026-26903
CVE-2026-26903 PoC Denial-of-service via unbounded recursio...
Malicious code in react-spa-shadcn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b0a6436d822911c9ab59cb73cdf9c25c0dfa562feb406fcfa450ad964418f89 The package react-spa-shadcn was found to contain malicious code. Source: ghsa-malware da9de249511ac32f8d560921d4da27724c126e29260a8fb7c4acb1da70c6b7...
MAL-2026-2931 Malicious code in react-spa-shadcn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b0a6436d822911c9ab59cb73cdf9c25c0dfa562feb406fcfa450ad964418f89 The package react-spa-shadcn was found to contain malicious code. Source: ghsa-malware da9de249511ac32f8d560921d4da27724c126e29260a8fb7c4acb1da70c6b7...
MAL-2026-2855 Malicious code in react-resource-router-next (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74666c1336dafeaefaa96b6bf71ae8a216aa4eaded1151bbd390c0cb913d1697 The package react-resource-router-next was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in react-resource-router-next (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74666c1336dafeaefaa96b6bf71ae8a216aa4eaded1151bbd390c0cb913d1697 The package react-resource-router-next was found to contain malicious code. Source: ossf-package-analysis...
31g-form-parser (>=1.0.1 <=1.0.126), 97shop-medusa-admin (>=0.1.0 <=0.1.1) +1414 more potentially affected by unknown CVE via react-hook-form (>=7.0.0 <=7.72.1)
react-hook-form NPM version =7.0.0, =1.0.1, =0.1.0, =1.0.0-alpha, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =2.7.0, =1.0.44, =0.0.0, =2.13.1, =2.13.1, =2.13.94 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-2853...
Malicious code in react-hook-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17ae372e5061ef357237d48a7812ca65bbc3a49b8a57153df5812d17e9d8eeaa The package react-hook-form was found to contain malicious code. Source: ghsa-malware 5aa9ba7a4ea0b89453bdd073b8ffb80b6e3baab6684d5652a1e898c2bacb5a6...
MAL-2026-2853 Malicious code in react-hook-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17ae372e5061ef357237d48a7812ca65bbc3a49b8a57153df5812d17e9d8eeaa The package react-hook-form was found to contain malicious code. Source: ghsa-malware 5aa9ba7a4ea0b89453bdd073b8ffb80b6e3baab6684d5652a1e898c2bacb5a6...
Exploit for Deserialization of Untrusted Data in Facebook React
π΅οΈ CVE-2025-55182 β React Vulnerability Analysis Security...
Paperclip: Stored XSS via javascript: URLs in MarkdownBody β urlTransform override disables react-markdown sanitization
Summary MarkdownBody, the shared component used to render every Markdown surface in the Paperclip UI issue documents, issue comments, chat threads, approvals, agent details, export previews, etc., passes urlTransform=url = url to react-markdown. That override replaces react-markdown's built-in...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of React Router
Summary Due to use of React Router, DevOps Test Performance and Rational Performance Tester contain a Open Redirect vulnerability, potentially enabling phishing or credential theft. Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 throu...
MAL-2026-2795 Malicious code in react-appfabric-shell (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a524b70e3efe81a382327e73d51cabb650ed488156ac7dbe61d61fcbcff68f8 The package react-appfabric-shell was found to contain malicious code...
Malicious code in react-appfabric-shell (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a524b70e3efe81a382327e73d51cabb650ed488156ac7dbe61d61fcbcff68f8 The package react-appfabric-shell was found to contain malicious code...
Malicious code in @evoja-web/react-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a150d97bdfc04cfc9e3ce56a7d6238d57f578628802fa568ea6404b5463070 The package @evoja-web/react-login was found to contain malicious code...