CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2025/03/02 8:30 a.m.•3 views

Malicious code in react-native-windows-repo (npm)

OSSF Malicious Packages•added 2025/03/01 4:21 a.m.•3 views

Malicious code in react-component-usage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 02edaef58fe9d6ea792eb3739c512482637fea90b44a07700f89233420a331f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score

OSV•added 2025/03/01 4:21 a.m.•4 views

MAL-2025-1649 Malicious code in react-component-usage (npm)

OSSF Malicious Packages•added 2025/02/28 4:25 p.m.•3 views

Malicious code in pp-react-content-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8280f253e75704177d57797625fe0d81836b0ae85c09ebbc58cdbec1b2a5b4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/02/28 4:25 p.m.•3 views

MAL-2025-1621 Malicious code in pp-react-content-loader (npm)

OSSF Malicious Packages•added 2025/02/28 3:53 p.m.•3 views

Malicious code in react-content-loader-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29f4fac1cd9b3669fd66345e097ee2be915ef08de77e2fe1a0473640df479d33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/02/28 3:53 p.m.•3 views

MAL-2025-1623 Malicious code in react-content-loader-fork (npm)

OSSF Malicious Packages•added 2025/02/28 5:0 a.m.•3 views

Malicious code in react-native-wallet-sdk-demo-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca22a1a9bdc58e35b912072adf9e4737394ce3c10cbad067352953e093610bc3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/02/28 5:0 a.m.•3 views

MAL-2025-1559 Malicious code in react-native-wallet-sdk-demo-app (npm)

7.2AI score

OSV•added 2025/02/22 3:35 a.m.•2 views

MAL-2025-1525 Malicious code in metamask-sdk-create-react-app (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed98a81fafea025740493667412dfaf8dd28cd12988fabdf1118a1765a12733d Any computer that has this package install...

7.1AI score

OSSF Malicious Packages•added 2025/02/19 7:28 a.m.•3 views

Malicious code in react-native-android-library-simpl-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4460dc946645a2b0bcd6489a7ae7a24c7c2803c369d27f2efa3de46ab7735558 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2025/02/18 5:36 p.m.•2 views

Malicious code in react-spectrum-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c3d2f67a738249f4e3344635d91861eb0b4932967a2d5d72b90fd9b7bad665fb The OpenSSF Package Analysis project identified 'react-spectrum-monorepo' @ 3.0.0 npm as malicious. It is considered malicious because: - The...

OSV•added 2025/02/18 5:36 p.m.•4 views

Exploits0

MAL-2025-1468 Malicious code in react-spectrum-monorepo (npm)

7.1AI score

Exploits0

OSV•added 2025/02/12 4:15 p.m.•1 views

CVE-2024-12629

In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection...

7.2CVSS5.8AI score

CNNVD•added 2025/02/12 12:0 a.m.•1 views

Progress Telerik KendoReact 安全漏洞

Progress Telerik KendoReact is a powerful and flexible React UI component library from Progress USA. A security vulnerability exists in Progress Telerik KendoReact versions 3.5.0 through 9.1.0, which stems from an attacker being able to introduce or modify attributes in the global prototype chain...

7.2CVSS7AI score0.00052EPSS

Cvelist•added 2025/02/07 10:38 p.m.•10 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

7.8CVSS0.00593EPSS

Exploits1References4

OSV•added 2025/02/07 10:38 p.m.•7 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

7.8CVSS7.6AI score0.00593EPSS

Exploits1References6

OSSF Malicious Packages•added 2025/02/07 5:56 a.m.•4 views

Malicious code in react-scripts-win (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29e804e3b477f180aba3ed9674d889a1e235e2091cca2fd2fe31cd5ef7528978 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/02/07 5:56 a.m.•2 views

MAL-2025-1258 Malicious code in react-scripts-win (npm)