4876 matches found
MAL-2026-2711 Malicious code in @evoja-web/react-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a150d97bdfc04cfc9e3ce56a7d6238d57f578628802fa568ea6404b5463070 The package @evoja-web/react-login was found to contain malicious code...
Malicious code in @evoja-web/create-react-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edb63f2bfa081652aba97d2848d34ffdb1f97f0b744457c6811337282b4359a2 The package @evoja-web/create-react-project was found to contain malicious code...
MAL-2026-2710 Malicious code in @evoja-web/create-react-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edb63f2bfa081652aba97d2848d34ffdb1f97f0b744457c6811337282b4359a2 The package @evoja-web/create-react-project was found to contain malicious code...
React Server Components - Denial of Service
React Server Components 19.0.0 to 19.2.1 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain an insecure deserialization vulnerability caused by unsafe payload deserialization in Server Function endpoints, letting unauthenticated attackers cause...
MAL-2026-2906 Malicious code in swplayer-react-sl (npm)
swplayer-react-sl is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb25be00997a0e21d0d5337b89729fe6c3a99c9364f8a46d4b2e2a828e845f54 The...
MAL-2026-2685 Malicious code in react-dom-19 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e6b5a54efd0bd62412ae002a01495b83a035014f59692e4e942aeaf9fd70d0d The package react-dom-19 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in react-dom-19 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e6b5a54efd0bd62412ae002a01495b83a035014f59692e4e942aeaf9fd70d0d The package react-dom-19 was found to contain malicious code. Source: ossf-package-analysis...
VulnCheck KEV: CVE-2025-55184
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...
MAL-2026-2592 Malicious code in @relxui/react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b91a4fd21ef12fb1580ab9240c8b51f39c0ba26d19b683ebcac2d86ed7936e78 The package @relxui/react was found to contain malicious code. Source: ghsa-malware 1a95206a60abfe74a108e76e52361543b36e7d78ff34a1273b5cf4c1bb183d1f...
Malicious code in @relxui/react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b91a4fd21ef12fb1580ab9240c8b51f39c0ba26d19b683ebcac2d86ed7936e78 The package @relxui/react was found to contain malicious code. Source: ghsa-malware 1a95206a60abfe74a108e76e52361543b36e7d78ff34a1273b5cf4c1bb183d1f...
Malicious Package
Overview @relxui/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2599 Malicious code in ccn-common-react-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e786ee75b4c32af6bfd2d9129d0a1ded7b507ef1141e019acc9b6ba1dc1da374 The package ccn-common-react-library was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2606 Malicious code in mdb-react-sortable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 221ae0ca7ee784d6ab2d9bb463b65dc3d998114b51b3dd7a4f3585ef2b1ed11a The package mdb-react-sortable was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview mdb-react-sortable is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in mdb-react-sortable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 221ae0ca7ee784d6ab2d9bb463b65dc3d998114b51b3dd7a4f3585ef2b1ed11a The package mdb-react-sortable was found to contain malicious code. Source: ghsa-malware...
Denial Of Service
React Server Components is vulnerable to Denial of Service. The vulnerability is due to specially crafted HTTP requests to Server Function endpoints, where the payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React Server Components RCE | CTF Writeup...
Exploit for Deserialization of Untrusted Data in Facebook React
R2SAE - React2Shell Auto-Exploit A Firefox extension...
Exploit for CVE-2026-23869
⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...
Exploit for CVE-2026-23869
⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...