4876 matches found
Malicious code in zohocomponents-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 02306ea3563fd27b7738a5f7bbdf6a9f47659e2c1304067934fe7b49e0975410 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7313 Malicious code in yahoo-react-popup-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e505b7871307d7dfdf3bef0c52da5103e1b0e20b4fa2c34749183d4e29a55be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in yahoo-react-popup-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e505b7871307d7dfdf3bef0c52da5103e1b0e20b4fa2c34749183d4e29a55be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in suspicious-react-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b72ddb83c9fbe20fe07636b0a5aedb1c5f788d74050f6027f090bce10b2ab48b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6367 Malicious code in suspicious-react-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b72ddb83c9fbe20fe07636b0a5aedb1c5f788d74050f6027f090bce10b2ab48b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview @contasimples/simples-react-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
@toggled-apps/react-native-collapsible-scroll (>=1.0.0 <=1.0.2), @toggled-apps/react-native-product-carousel (=1.0.3) +9 more potentially affected by CVE-2022-24373 via react-native-reanimated (>=2.0.0-rc.0 <=2.0.1)
react-native-reanimated NPM version =2.0.0-rc.0, =1.0.0, =1.0.0, =41.0.0, =41.0.0, =1.0.0, =1.1.0, =1.1.2 - ui-ux =0.0.1 Source cves: CVE-2022-24373 Source advisory: SNYK:JS-REACTNATIVEREANIMATED-2949507...
Regular Expression Denial of Service (ReDoS)
Overview react-native-reanimated is a More powerful alternative to Animated library for React Native. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. PoC js new...
MAL-2022-5632 Malicious code in react-bank-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5553f821ba524b88f457343bcddbb43c844774492bf8fdb955996520d7b417 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-bank-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5553f821ba524b88f457343bcddbb43c844774492bf8fdb955996520d7b417 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview react-bank-api is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
react-native-url-preview (>=1.1.1 <=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=1.6.0 <=2.1.13)
link-preview-js NPM version =1.6.0, =1.1.1, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: OSV:GHSA-H9CW-7G8J-H66H...
CVE-2022-31103
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...
Denial of service
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...
CVE-2022-31103 Improper handling of CSS at-rules in lettersanitizer
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...
Improper handling of CSS at-rules in lettersanitizer
Impact All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is also at risk. Patches The problem has been patched in version 1.0.2...
GHSA-7R3R-GQ8P-V9JJ Improper handling of CSS at-rules in lettersanitizer
Impact All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is also at risk. Patches The problem has been patched in version 1.0.2...
Malicious Package
Overview starter-react-frontend-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...