4881 matches found
MAL-2025-3274 Malicious code in react-x-twitter (npm)
Source: ghsa-malware 1675100a9b4622daef2a3e8d439f1baf8428c60cd4dad9b6fe09ef615ce1e645. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in talsec-react-native-security-plugin (npm)
Source: ghsa-malware 68ab8661116d9ec30b2582ba0a9547684e8ad10024bae79f2b4094e5ea0937d3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3262 Malicious code in talsec-react-native-security-plugin (npm)
Source: ghsa-malware 68ab8661116d9ec30b2582ba0a9547684e8ad10024bae79f2b4094e5ea0937d3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys
Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...
MAL-2025-3142 Malicious code in arno-react (npm)
Source: ghsa-malware 09b3072a4a914ee5e85596d8f9a01d42ed0596c24aa05bc664e85067c41cbd3a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in arno-react (npm)
Source: ghsa-malware 09b3072a4a914ee5e85596d8f9a01d42ed0596c24aa05bc664e85067c41cbd3a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-3191
All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the tag...
@1kit/react (>=0.0.74 <=0.0.149), @1kit/ui (>=0.0.14 <=0.0.90) +762 more potentially affected by CVE-2025-3191 via react-draft-wysiwyg (>=1.10.0 <=1.15.0)
react-draft-wysiwyg NPM version =1.10.0, =0.0.74, =0.0.14, =1.0.7, =0.2.2, =1.0.0, =0.0.5, =0.1.2, =1.0.2, =1.0.0, =0.0.1, =1.0.2, =2.0.54, =2.3.26 and more Source cves: CVE-2025-3191 Source advisory: OSV:GHSA-FQ5X-7292-2P5R...
React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button
All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the tag...
GHSA-FQ5X-7292-2P5R React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button
All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the tag...
CVE-2025-3191
CVE-2025-3191 affects the JavaScript WYSIWYG editor package react-draft-wysiwyg. The vulnerability is an XSS via the Embedded button, with the payload stored in the tag, enabling execution of malicious script in the user’s browser. Affected versions are described by PT-2025-14838 as 3.1 and ear...
react-draft-wysiwyg security vulnerability
react-draft-wysiwyg is a WYSIWYG editor built on ReactJS and DraftJS by the individual developer Jyoti Puri. A security vulnerability exists in react-draft-wysiwyg, which stems from a cross-site scripting attack via the Embedded button...
PT-2025-14838 · Unknown · React-Draft-Wysiwyg
Name of the Vulnerable Software and Affected Versions: react-draft-wysiwyg versions 3.1 and earlier. Description: The issue is related to Cross-site Scripting (XSS) via the Embedded button, which results in saving the payload in the iframe tag. This allows attackers to exploit the vulnerability...
CVE-2025-31137
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...
Malicious code in niji-react-alert (npm)
Source: ghsa-malware 131b1e825df158dacd4bb111ea02f0cf4a2c4374c18c8466ee2ad1e3bcb1b927. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in niji-react-prettybytes (npm)
Source: ghsa-malware 572b7b0cfab3e7ae5f10e6653440bf2e9d094c7ca66110eef06083fcc94840e9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3082 Malicious code in niji-react-utils (npm)
Source: ghsa-malware 6b0f37153a7862a4b1e5abd871385e93b6535a8bb834f03fc9bb83b9e7be6640. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...