4881 matches found
MAL-2025-3865 Malicious code in mfe-react-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7835d0f6b232544302030371ac74d4c595860a04736a2ef54259a32993f9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mfe-react-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7835d0f6b232544302030371ac74d4c595860a04736a2ef54259a32993f9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-mount-point-unstable (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a12f68daa4bc6ad2efd656ef3b93ae79f1783de0c3591c171aab5b331b1be2d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3875 Malicious code in bui-react-10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7efb9896b372501d00ef7c23655b29a8eed7ffe274410cb4d2748ec4aa96eda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3914 Malicious code in react-mount-point-unstable (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a12f68daa4bc6ad2efd656ef3b93ae79f1783de0c3591c171aab5b331b1be2d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bui-react-10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7efb9896b372501d00ef7c23655b29a8eed7ffe274410cb4d2748ec4aa96eda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3847 Malicious code in old-react-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0ae29d9cb582d5c0be810adbab5c88a3409a65d0d94034301910bb1c735e2c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in old-react-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0ae29d9cb582d5c0be810adbab5c88a3409a65d0d94034301910bb1c735e2c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3852 Malicious code in react-native-plugin-ms-adal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361e4c6581b21fde6eeab43c3e36a75bd051771efd939b92cd3f82fbee601f6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-plugin-ms-adal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361e4c6581b21fde6eeab43c3e36a75bd051771efd939b92cd3f82fbee601f6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3706 Malicious code in @igain/react-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92a7ea271ab926399063ffd4583f6b66fab6f3350920ca611701719de8f9356e Any computer that has this package installed or running should be considered...
Malicious code in @igain/react-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92a7ea271ab926399063ffd4583f6b66fab6f3350920ca611701719de8f9356e Any computer that has this package installed or running should be considered...
Insufficient Verification Of Data Authenticity
react-router is vulnerable to data spoofing. The vulnerability is due to improper request validation allows the ability to manipulate pre-rendered data via custom headers, allowing full modification of the data object embedded in HTML...
Cache Poisoning
react-router is vulnerable to Cache Poisoning. The vulnerability is due to improper request handling due to allowing header-based switching from SSR to SPA mode, which can trigger an error response that is then cached, affecting application availability...
SUSE CVE-2025-43864
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
SUSE CVE-2025-43865
React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has been...
CVE-2025-43865
React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has bee...
CVE-2025-43864
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
CVE-2025-43865
CVE-2025-43865 affects React Router on the 7.0 branch before 7.5.2. The issue allows an attacker to modify pre-rendered data by adding a header to the request, enabling complete spoofing of the data object passed to the HTML. The vulnerability is patched in version 7.5.2. IBM’s bulletin notes thi...
CVE-2025-43865 React Router allows pre-render data spoofing on React-Router framework mode
React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has bee...