4876 matches found
PT-2026-21904
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow...
PT-2026-21840
Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...
JetBrains TeamCity 输入验证错误漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2025.11.3...
Malicious code in react-markdown-canvas (npm)
Malicious package due to data exfiltration via Discord webhook on install. Collects IP, hostname, and date without consent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4123db6526d8c37f99fa33e2524edc97922efef6b1605dc0a8acdbf41e76cc77 The package...
MAL-2026-1040 Malicious code in react-markdown-canvas (npm)
Malicious package due to data exfiltration via Discord webhook on install. Collects IP, hostname, and date without consent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4123db6526d8c37f99fa33e2524edc97922efef6b1605dc0a8acdbf41e76cc77 The package...
Malicious Package
Overview react-dropzone-truffle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in react-dropzone-truffle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb9aafcb06b44346b4a153006bf1230d02f97d4f76ac2797f42a22005658c85 The package react-dropzone-truffle was found to contain malicious code. Source: ghsa-malware...
MAL-2026-999 Malicious code in react-dropzone-truffle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb9aafcb06b44346b4a153006bf1230d02f97d4f76ac2797f42a22005658c85 The package react-dropzone-truffle was found to contain malicious code. Source: ghsa-malware...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +8 more potentially affected by CVE-2026-25535 via jspdf (>=4.0.0 <=4.1.0)
jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.4.0, =0.111.0-7, =7.11.3, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-25535 Source advisory: SNYK:JS-JSPDF-15322681...
A New Denial-of-Service Vector in React Server Components
React Server Components RSC have introduced a hybrid execution model that expands application capabilities while increasing the potential attack surface. Following earlier disclosures and fixes related to React DoS vulnerabilities, an additional analysis of RSC internals was conducted to assess...
ionic-spid-poc-crs
SPID SSO POC — Ionic React + Node.js + Signicat Sandbox A p...
MAL-2026-914 Malicious code in @qualys/react-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c63e27e2c86203c152f6f7bfc30136a44d93bfbc84522fcf86ca97976511a59 The package @qualys/react-web was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @qualys/react-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c63e27e2c86203c152f6f7bfc30136a44d93bfbc84522fcf86ca97976511a59 The package @qualys/react-web was found to contain malicious code. Source: ossf-package-analysis...
Exploit for Deserialization of Untrusted Data in Facebook React
This Proof of Concept PoC for React2Shell CVE-2025-55182 vul...
CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...
Exploit for Deserialization of Untrusted Data in Facebook React
Affected Software: React Server Components versions 19.0.0, 1...
Malicious code in react-svg-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview react-svg-handler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-822 Malicious code in react-svg-handler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...