
4876 matches found

OSSF Malicious Packages
added 2026/03/12 2:12 a.m., 2 views

Malicious code in react-svg-anchor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e014ccf1aaf52a0f5ad92a977b2fb987b63be3ae7bdf8fa9b5f8813f68040344 The package react-svg-anchor was found to contain malicious code. Source: ghsa-malware d539493dcc209d4d478ffa4a5893cd5cd01ee1d994700b9492b651c8aeb372...

5.7 AI score
Exploits: 0, References: 1

OSV
added 2026/03/12 2:12 a.m., 0 views

MAL-2026-1363 Malicious code in react-svg-anchor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e014ccf1aaf52a0f5ad92a977b2fb987b63be3ae7bdf8fa9b5f8813f68040344 The package react-svg-anchor was found to contain malicious code. Source: ghsa-malware d539493dcc209d4d478ffa4a5893cd5cd01ee1d994700b9492b651c8aeb372...

5.7 AI score
Exploits: 0, References: 1

Snyk
added 2026/03/12 2:12 a.m., 1 view

Malicious Package

Overview react-svg-anchor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Packet Storm News
added 2026/03/12 12:0 a.m., 4 views

Internet-Scale Measurement of React2Shell Exploitation Using an Active Network Telescope

The increasing adoption of server-side component-based web frameworks has introduced new application-layer attack surfaces that remain insufficiently understood at Internet scale. On 3 December 2025, a critical remote code execution vulnerability CVE-2025-55182 in React Server Components, referre...

10 CVSS, 7.6 AI score, 0.84489 EPSS
Exploits: 362

RedHat Linux
added 2026/03/06 4:36 p.m., 1 view

@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects

A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintend...

8 CVSS, 5.3 AI score, 0.00009 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2026/03/06 11:0 a.m., 11 views

@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects

A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintend...

8 CVSS, 5.3 AI score, 0.00009 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2026/03/06 11:0 a.m., 1 view

react-router: @remix-run/router: React Router XSS Vulnerability

A cross site scripting flaw has been discovered in the npm react-router package. An XSS vulnerability exists in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate...

7.6 CVSS, 5.4 AI score, 0.0001 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2026/03/06 11:0 a.m., 2 views

react-router: @remix-run/react: React Router SSR XSS in ScrollRestoration

A cross site scripting flaw has been discovered in the npm react-router package. The cross site scripting (XSS) vulnerability exists in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during...

8.2 CVSS, 5.4 AI score, 0.00009 EPSS
Exploits: 0, References: 5

Snyk
added 2026/03/06 7:14 a.m., 2 views

Malicious Package

Overview @bytedanc-ad/mui-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8 CVSS, 5.4 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/06 7:14 a.m., 2 views

Malicious Package

Overview jupyterhub-admin-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8 CVSS, 5.4 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/06 7:14 a.m., 1 view

Malicious Package

Overview @saferpay/react-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8 CVSS, 5.4 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/06 7:14 a.m., 3 views

Malicious Package

Overview react-release-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.4 AI score
Exploits: 0, References: 2

CNNVD
added 2026/03/06 12:0 a.m., 3 views

MarkUs Security Vulnerability

MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.4 contained a security vulnerability due to the lack of size or item quantity limits when extracting zip files...

6.5 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/03/05 4:18 p.m., 4 views

Malicious code in pear-apps-lib-ui-react-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 325efdb6f86d5a55bf6cf0630f6fc6be87fbe387047929a31e4e5e55a8ea6cdf The package pear-apps-lib-ui-react-hooks was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1

OSV
added 2026/03/05 4:18 p.m., 1 view

MAL-2026-1251 Malicious code in pear-apps-lib-ui-react-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 325efdb6f86d5a55bf6cf0630f6fc6be87fbe387047929a31e4e5e55a8ea6cdf The package pear-apps-lib-ui-react-hooks was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1

vulnersOsv
added 2026/03/04 6:18 p.m., 4 views

@zextras/carbonio-design-system (=12.0.3), react-native-github-markdown (>=2.1.0 <=2.2.0) potentially affected by CVE-2025-68467 via darkreader (>=4.7.15 <=4.9.105)

darkreader NPM version =4.7.15, =2.1.0, =2.2.0 Source cves: CVE-2025-68467 Source advisory: OSV:GHSA-X369-MCW8-8RVJ...

3.4 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits: 0

vulnersOsv
added 2026/03/04 6:18 p.m., 3 views

@zextras/carbonio-design-system (=12.0.3), react-native-github-markdown (>=2.1.0 <=2.2.0) potentially affected by CVE-2025-68467 via darkreader (>=4.7.15 <=4.9.105)

darkreader NPM version =4.7.15, =2.1.0, =2.2.0 Source cves: CVE-2025-68467 Source advisory: SNYK:JS-DARKREADER-15441035...

3.4 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits: 0

vulnersOsv
added 2026/03/03 6:31 p.m., 4 views

@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +108 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

6.1 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 0

vulnersOsv
added 2026/03/03 5:46 p.m., 3 views

-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +29535 more potentially affected by CVE-2026-27601 via underscore (>=1.0.3 <=1.13.7)

underscore NPM version =1.0.3, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 - 0scarclassk...

8.2 CVSS, 7 AI score, 0.00022 EPSS
Exploits: 1

Snyk
added 2026/03/03 3:14 p.m., 1 view

Malicious Package

Overview marionette-react-view is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2