4881 matches found
Malicious code in niji-react-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3647824806820bc4dec51343c82379b9993e030f8e9ccfcfded364905ec87d21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3076 Malicious code in niji-react-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3647824806820bc4dec51343c82379b9993e030f8e9ccfcfded364905ec87d21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3080 Malicious code in niji-react-switch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b24fa24fa460419a699b1ade3246daeaff2282d1f49a2afbfff84dda7c8d8c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3077 Malicious code in niji-react-input (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 308202af28f18471be931243021c6ecf4079323996579d3da01c5b193e94bc7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3074 Malicious code in niji-react-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 131b1e825df158dacd4bb111ea02f0cf4a2c4374c18c8466ee2ad1e3bcb1b927 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3079 Malicious code in niji-react-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17dc01f92bc84168459b0c07238c88fe320f39e19f59414a938a8ef55226045e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in niji-react-collapsible (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45517acf73604f16c7460249b78bcf46b0da5988629d8b62e6abc9551f349eac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3078 Malicious code in niji-react-prettybytes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 572b7b0cfab3e7ae5f10e6653440bf2e9d094c7ca66110eef06083fcc94840e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in niji-react-input (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 308202af28f18471be931243021c6ecf4079323996579d3da01c5b193e94bc7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in niji-react-textarea (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db947d966d8d0b7be248b2cc89616fdf14c8a5f7b2d6c7ca11dbfebe6e851914 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in niji-react-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17dc01f92bc84168459b0c07238c88fe320f39e19f59414a938a8ef55226045e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in niji-react-switch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b24fa24fa460419a699b1ade3246daeaff2282d1f49a2afbfff84dda7c8d8c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in niji-react-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b0f37153a7862a4b1e5abd871385e93b6535a8bb834f03fc9bb83b9e7be6640 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3081 Malicious code in niji-react-textarea (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db947d966d8d0b7be248b2cc89616fdf14c8a5f7b2d6c7ca11dbfebe6e851914 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nationalgeographicsociety/ngsui-core-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c79788b32fb541eecf3d0b0268cd2e201328ab9caf252358c1f9106c193acf3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nationalgeographicsociety/ngsui-addons-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d522cf6892b9363520f72cb2c024bbcf7d63238df065658694ca622082b1be9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-4Q56-CRQP-V477 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
Impact We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL...
Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
Impact We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL...
@akrc/fnpm (=1.13.1), @buttery/studio (>=0.2.3 <=0.3.1) +58 more potentially affected by CVE-2025-31137 via @react-router/express (>=7.0.0 <=7.4.1-pre.0)
@react-router/express NPM version =7.0.0, =0.2.3, =0.1.0, =0.3.1, =0.0.13, =1.0.0, =0.0.0-semantically-released, =1.0.1, =6.0.0-canary-001, =6.0.0-canary-001, =6.0.0-canary-001, =0.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2025-31137 Source advisory: OSV:GHSA-4Q56-CRQP-V477...
CVE-2025-31137
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...