4880 matches found
@account-kit/react (>=4.0.0 <=4.88.2), @account-kit/react-native (>=4.15.0 <=4.88.2) +50 more potentially affected by CVE-2024-57068 via @tanstack/form-core (>=0.0.1 <=0.42.0)
@tanstack/form-core NPM version =0.0.1, =4.0.0, =4.15.0, =3.13.0, =0.0.1, =0.1.1, =0.0.1, =1.0.0, =0.3.5, =0.3.3, =0.10.0 and more Source cves: CVE-2024-57068 Source advisory: OSV:GHSA-GGV3-VMGW-XV2Q...
CVE-2024-34342
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true, which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...
CVE-2024-42347
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
react-uploady security vulnerability
react-uploady is an open-source upload component from rpldy. A security vulnerability exists in react-uploady v1.8.1, which stems from the lib.createUploader function containing a prototype pollution vulnerability...
MAL-2025-1232 Malicious code in toptal-react-bikes (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 768639e91eadd87efae2bcea05692ce8e38de966394edb200e220db1132b7500 Any computer that has this package installed or running should be considered...
MAL-2025-783 Malicious code in @tui-react-mobile/app-bar (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @aftersale/react-eva (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-1133 Malicious code in ib-ai-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 547c2e4af2cd8eed422db2ccf1d7975144a2418c9663d76dff5e00b13e447347 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in paypal-react-donation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4163e772410fb8d023c936bd357a70a01d899798568afca41b94daf7b06d688 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1161 Malicious code in paypal-react-donation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4163e772410fb8d023c936bd357a70a01d899798568afca41b94daf7b06d688 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-748 Malicious code in react-native-country-picker-modal-modified (npm)
The package executes a harmful command in a pre-installation script to send sensitive data to an arbitrary domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69921c906d4d0ecfa3ba0de532e27f29b18c6be04a563ba99aa0590b1fcc77a8 Any computer that has this package install...
Malicious code in calling-integration-sdk-demo-react-ts (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a...
Security Bulletin: A vulnerability in react affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45296).
Summary A vulnerability in React affects IBM Robotic Process Automation and may result in a denial of service. React is used by IBM Robotic Process Automation as part of its UI Framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details...
Mattermost Mobile Denial of Service Vulnerability
Mattermost Mobile is a mobile application project, developed using the React Native framework, designed to provide a cross-platform iOS and Android client for Mattermost. Mattermost Mobile suffers from a denial of service vulnerability that stems from an inability to properly validate the proto...
Malicious code in viewport-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 267002a03c6d919765b3d26bea4ac822e509a4829c59b075764cecf051da4722 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-317 Malicious code in viewport-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 267002a03c6d919765b3d26bea4ac822e509a4829c59b075764cecf051da4722 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-react-editable-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fdeb2ad3adadbbe85aa33bbaa3ed1728c9019c415d8c1e218db5f1f72661482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-269 Malicious code in aem-react-editable-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fdeb2ad3adadbbe85aa33bbaa3ed1728c9019c415d8c1e218db5f1f72661482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-137 Malicious code in react-native-apollo-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 643d99775fbe5d1e11235967329b1d9bfdd5f173b113db79c998b0ea7f2b7b3c The OpenSSF Package Analysis project identified 'react-native-apollo-devtools' @ 1.0.0 npm as malicious. It is considered malicious because: - T...