Malicious code in supabase-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d99002d0e83f91ca297ecb91950c973f76ba284c9b63eba89946e9bfac2672de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-53626 pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation
pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1...
Malicious code in @shadowmonarchx/eslint_plugin_react (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68a575ed67cd813fc81aec32ae29e2e8672e85158eebc9e3a07face9ed576247 Any computer that has this package installed or running should be considered...
Malicious code in bugsnag-plugin-react (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5805 Malicious code in bugsnag-plugin-react (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in react-router-scroll-navar (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e8e2c3b7417b2b59415f2f9ce55b82be6594510752b41c70e05cb8fff7fb243 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5723 Malicious code in react-router-scroll-navar (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e8e2c3b7417b2b59415f2f9ce55b82be6594510752b41c70e05cb8fff7fb243 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in phone-mockup-react-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f6a1418f459219963b15e9792b3f8721f33e7d7f3bf802a570652c6f3a5faad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in appf-react-router-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bee107551e93c84b7b5e64794220ddf4898466e42cd01d1bdde8b41bb0cabd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5667 Malicious code in appf-react-router-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bee107551e93c84b7b5e64794220ddf4898466e42cd01d1bdde8b41bb0cabd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-smoothy-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4605263fb8378867aadba09b4a6f0265ce7325871f0c56d09e75f464cb397e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5724 Malicious code in react-smoothy-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4605263fb8378867aadba09b4a6f0265ce7325871f0c56d09e75f464cb397e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cra-react-router (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b95c7c2198b6267e255cb12eb540477d4e18a5670ea43c3e0554eba957e80cfa Any computer that has this package installed or running should be considered...
MAL-2025-5681 Malicious code in cra-react-router (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b95c7c2198b6267e255cb12eb540477d4e18a5670ea43c3e0554eba957e80cfa Any computer that has this package installed or running should be considered...
Malicious code in mre-layout-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca72674752dda2346e914163e1a4ce3dd2a83b813747ebf2e4330596b0afb2c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mre-config-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22474e36d4ddd865818606c920d894196687008fcb57bc5488c2c682a801d5a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5617 Malicious code in mre-config-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22474e36d4ddd865818606c920d894196687008fcb57bc5488c2c682a801d5a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cache Poisoning
Next.js is vulnerable to cache poisoning. The vulnerability is due to HTML page requests returning a React Server Component (RSC) payload under certain conditions, which allows an attacker to poison the cache if the CDN does not correctly differentiate between RSC and HTML content...
CVE-2025-49005
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payloa...
CVE-2025-49005
Next.js CVE-2025-49005 affects Next.js App Router (versions 15.3.0 to before 15.3.3) and Vercel CLI (41.4.1 to 42.2.0). A cache poisoning vulnerability could cause HTML requests to return a React Server Component payload under certain conditions. When deployed on Vercel, impact is limited to the ...