Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4882 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/08/10 8:48 a.m.1 views

Malicious code in eslint-plugin-react_editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 091ef657bc115b400dc3d8cd65691df53caef85fa307f52d627aac4d50120a77 The OpenSSF Package Analysis project identified 'eslint-plugin-reacteditor' @ 71.71.72 npm as malicious. It is considered malicious because: - T...

6.9AI score
Exploits0
NVD
NVDadded 2025/08/09 3:15 a.m.3 views

CVE-2025-55008

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...

7.1CVSS0.00181EPSS
Exploits0References3
Snyk
Snykadded 2025/08/09 2:41 a.m.3 views

Information Exposure

Overview @workos-inc/authkit-react-router is an Authentication and session helpers for using WorkOS & AuthKit with React Router 7+ Affected versions of this package are vulnerable to Information Exposure via the accessToken and sealedSession parameters in the authkitLoader function. An attacker c...

7.6CVSS6.9AI score0.00181EPSS
Exploits0References2
CVE
CVEadded 2025/08/09 2:2 a.m.23 views

CVE-2025-55008

CVE-2025-55008 affects the AuthKit React Router library for React Router 7+. In versions ≤ 0.6.1, the package exposes sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader , causing them to be rendered into browser HTML (informa...

7.1CVSS6.7AI score0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/08/09 2:2 a.m.4 views

CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...

7.1CVSS7AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/08/09 2:2 a.m.9 views

CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...

7.1CVSS0.00181EPSS
Exploits0References3
OSV
OSVadded 2025/08/09 2:2 a.m.5 views

CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...

7.1CVSS6.6AI score0.00181EPSS
Exploits0References5
CNNVD
CNNVDadded 2025/08/09 12:0 a.m.3 views

AuthKit React Router Library 信息泄露漏洞

AuthKit React Router Library is a WorkOS open source authentication and session helper for use in React Router 7. An information disclosure vulnerability exists in AuthKit React Router Library version 0.6.1 and earlier, which stems from exposing sensitive authentication artifacts that could lead ...

7.1CVSS6AI score0.00181EPSS
Exploits0References4
OSV
OSVadded 2025/08/08 5:4 p.m.4 views

GHSA-VQVC-9Q8X-VMQ6 The AuthKit React Router Library rendered sensitive auth data in HTML

In versions before 0.7.0, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. Impact This information disclosure could lead to...

7.1CVSS6AI score0.00181EPSS
Exploits0References5
OSV
OSVadded 2025/08/08 8:7 a.m.5 views

MAL-2025-6806 Malicious code in react-native-kraken-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6dd9f629078cdad7b927b9f85f1d8b3a5d381a6009e08c65eafca6272b20cbf2 The OpenSSF Package Analysis project identified 'react-native-kraken-oauth' @ 1.0.1 npm as malicious. It is considered malicious because: - The...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/08/08 8:7 a.m.3 views

Malicious code in react-native-kraken-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6dd9f629078cdad7b927b9f85f1d8b3a5d381a6009e08c65eafca6272b20cbf2 The OpenSSF Package Analysis project identified 'react-native-kraken-oauth' @ 1.0.1 npm as malicious. It is considered malicious because: - The...

6.9AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2025/08/08 12:0 a.m.5 views

PT-2025-32421 · Workos · Authkit-React-Router

Name of the Vulnerable Software and Affected Versions: @workos-inc/authkit-react-router versions 0.6.1 and below Description: The AuthKit library for React Router exposes sensitive authentication artifacts – specifically sealedSession and accessToken – by returning them from the authkitLoader,...

7.1CVSS6.2AI score0.00181EPSS
Exploits0References10
RedhatCVE
RedhatCVEadded 2025/08/07 11:32 p.m.3 views

CVE-2025-54594

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

9.1CVSS6.6AI score0.0035EPSS
Exploits0References1
NVD
NVDadded 2025/08/06 12:15 a.m.2 views

CVE-2025-54594

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

9.1CVSS0.0035EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/08/06 12:0 a.m.2 views

react-native-bottom-tabs 安全漏洞

react-native-bottom-tabs is the native bottom tabs of a Callstack Incubator open source. A security vulnerability exists in react-native-bottom-tabs version 0.9.2 and earlier, which stems from the improper use of the pullrequesttarget event trigger in the GitHub Actions workflow, and could lead t...

9.1CVSS7.4AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/08/05 11:31 p.m.7 views

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

9.1CVSS0.0035EPSS
Exploits0References3
OSV
OSVadded 2025/08/05 11:31 p.m.3 views

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

9.1CVSS7.2AI score0.0035EPSS
Exploits0References5
CVE
CVEadded 2025/08/05 11:31 p.m.19 views

CVE-2025-54594

React-native-bottom-tabs

9.1CVSS6.7AI score0.0035EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/08/05 11:31 p.m.2 views

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

9.1CVSS6.6AI score0.0035EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/08/05 12:0 a.m.3 views

PT-2025-32002

Name of the Vulnerable Software and Affected Versions: react-native-bottom-tabs versions 0.9.2 and earlier Description: The react-native-bottom-tabs library improperly used the pull request target event trigger in the github/workflows/release-canary.yml GitHub Actions workflow. This allowed...

9.1CVSS6.7AI score0.0035EPSS
Exploits0References15
Rows per page
Query Builder