4876 matches found
MAL-2026-2136 Malicious code in yelp-react-component-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027bbca928c4c1696f388fbb2ac0ac3a7c74a29db1a6bb76b5c7431759c27421 The package yelp-react-component-rating was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview yelp-react-component-photo-upload is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious code in yelp-react-component-photo-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32e7f0c90df117fd4748129db7ebb37ee6519a0f8ace68bbd197b8f6658da7ee The package yelp-react-component-photo-upload was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview react-performance-suite is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Security Bulletin: Enumeration of users, compromised data confidentiality and integrity, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to enumeration of users, compromised data confidentiality and integrity, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22029 DESCRIPTION: React Router is a router for React. In...
Malicious code in react-tailwindcss-style (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5602af4bd6e54460627a64eb9632c4f1ec0e8604d523b76c272346a2f599cb99 The package react-tailwindcss-style was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2110 Malicious code in react-tailwindcss-style (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5602af4bd6e54460627a64eb9632c4f1ec0e8604d523b76c272346a2f599cb99 The package react-tailwindcss-style was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview react-tailwindcss-style is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
MAL-2026-2072 Malicious code in react-leaflet-heatmap-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2352243757a42dafc23c429819f6693b8f9a56799589414bbb527f35b1f7ed35 The package react-leaflet-heatmap-layer was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-leaflet-heatmap-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2352243757a42dafc23c429819f6693b8f9a56799589414bbb527f35b1f7ed35 The package react-leaflet-heatmap-layer was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-leaflet-cluster-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0518fae392cbcd2e3f43b08af24b6736a313bcc053d67bfece2c36c7e609373 The package react-leaflet-cluster-layer was found to contain malicious code. Source: ghsa-malware...
mkkp-map-client (>=0.0.3 <=1.0.4), mkkp-map-server (>=1.0.0 <=1.0.1) potentially affected by unknown CVE via react-leaflet-cluster-layer (=0.0.3)
react-leaflet-cluster-layer NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on react-leaflet-cluster-layer and may be impacted: - mkkp-map-client =0.0.3, =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2071...
Malicious code in babel-plugin-react-pure-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b646bc72d4de0e51f408bf6b7ae00d339ea8935a44b9bd71301a76337cc9b8d2 The package babel-plugin-react-pure-component was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2067 Malicious code in babel-plugin-react-pure-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b646bc72d4de0e51f408bf6b7ae00d339ea8935a44b9bd71301a76337cc9b8d2 The package babel-plugin-react-pure-component was found to contain malicious code. Source: ghsa-malware...
cyberops-security-suite
CyberOps Security Suite A comprehensive cybersecurity operati...
MAL-2026-2010 Malicious code in yelp-react-component-badge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abec06c903f4139ed298b19b96521401231e6bd0cc306e5e7015d971d5a4260a The package yelp-react-component-badge was found to contain malicious code. Source: ghsa-malware...
Malicious code in yelp-react-component-badge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abec06c903f4139ed298b19b96521401231e6bd0cc306e5e7015d971d5a4260a The package yelp-react-component-badge was found to contain malicious code. Source: ghsa-malware...
@abysslabs/cli (=0.0.2), @analogjs/vite-plugin-nitro (>=2.4.0-alpha.2 <=3.0.0-alpha.1) +26 more potentially affected by CVE-2026-33490 via h3 (>=2.0.1-rc.11 <=2.0.1-rc.16)
h3 NPM version =2.0.1-rc.11, =2.4.0-alpha.2, =3.23.1-20260131-121433-34f631e, =0.15.0, =1.154.7, =0.0.1, =1.154.7, =1.154.7, =1.154.7, =2.0.0-beta.17 and more Source cves: CVE-2026-33490 Source advisory: SNYK:JS-H3-15745916...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...