CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added 2026/03/17 7:14 p.m.•100 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182RCEExploit REC Exploit is a Python-based secur...

10CVSS6AI score0.84489EPSS

Exploits362

IBM Security Bulletins•added 2026/03/17 7:49 a.m.•5 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml, minimatch, and react-router

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml CVE-2025-64718, minimatch CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, react-router CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030. This has been addressed in the...

8.7CVSS6AI score0.00036EPSS

Exploits3Affected Software1

OSSF Malicious Packages•added 2026/03/16 11:54 a.m.•4 views

Malicious code in @jaime9008/math-service (npm)

Package classified as malware due to code obfuscation, use of eval for code execution, and a low number of published versions. The file lib/lib.js contains same obfuscated malware dropler as malicious react-refresh-update package, the author is same for both pacakge. --- -= Per source details. Do...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/16 10:2 a.m.•4 views

Malicious code in react-refresh-update (npm)

Package contains highly obfuscated code with dynamic execution using eval, a strong indicator of malicious intent. YARA rule matches confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68cf0c0bd6ed2a8c07bc175b5c0cc7f86a49133e67dd5d8f68f37309c5f1a463 The...

6AI score

Exploits0References1

OSV•added 2026/03/16 10:2 a.m.•0 views

MAL-2026-1485 Malicious code in react-refresh-update (npm)

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/16 12:0 a.m.•4 views

Malicious code in transform-react-jsx (npm)

The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score

OSSF Malicious Packages•added 2026/03/16 12:0 a.m.•2 views

Malicious code in react-you-might-not-need-an-effect (npm)

The package 'react-you-might-not-need-an-effect' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 serve...

5.5AI score

OSV•added 2026/03/16 12:0 a.m.•1 views

MAL-2026-1557 Malicious code in add-react-displayname (npm)

The package 'add-react-displayname' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

OSSF Malicious Packages•added 2026/03/16 12:0 a.m.•3 views

Malicious code in add-react-displayname (npm)

5.5AI score

OSV•added 2026/03/16 12:0 a.m.•0 views

MAL-2026-1553 Malicious code in typescript-react-query (npm)

The package 'typescript-react-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

OSV•added 2026/03/16 12:0 a.m.•2 views

MAL-2026-1528 Malicious code in react-you-might-not-need-an-effect (npm)

OSV•added 2026/03/16 12:0 a.m.•3 views

MAL-2026-1508 Malicious code in transform-react-jsx (npm)

Snyk•added 2026/03/15 11:0 p.m.•3 views

Embedded Malicious Code

Overview react-native-country-select is a 🌍 React Native country picker with flags, search, TypeScript, i18n, and offline support. Lightweight, customizable, and designed with a modern UI. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this...

9.8CVSS5.8AI score

Snyk•added 2026/03/15 11:0 p.m.•2 views

Embedded Malicious Code

Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...

9.8CVSS5.7AI score

Snyk•added 2026/03/13 10:37 a.m.•2 views

Malicious Package

Overview tourney-sdk-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

OSV•added 2026/03/13 5:37 a.m.•1 views

MAL-2026-1388 Malicious code in tourney-sdk-react (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c5364bf5b440c1fcec66cbe29b7243db3661868744f68aebeb5f8b99619d950 The package tourney-sdk-react was found to contain malicious code. Source: ghsa-malware...

5.8AI score

OSSF Malicious Packages•added 2026/03/13 5:37 a.m.•2 views

Malicious code in tourney-sdk-react (npm)

5.8AI score

Snyk•added 2026/03/12 4:23 p.m.•1 views

Malicious Package

Overview add-react-displayname is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior Th...

9.8CVSS5.9AI score