Malicious code in react-responsive-carousel-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 544d7ca19589218beb2b384a9e4e1ce7f64b130015ea62978f81adc7c6be5934 The package react-responsive-carousel-v4 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-684 Malicious code in react-responsive-carousel-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 544d7ca19589218beb2b384a9e4e1ce7f64b130015ea62978f81adc7c6be5934 The package react-responsive-carousel-v4 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-666 Malicious code in transform-react-display-name (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad21ba0cb042f576642dd61d0639ac6da6cec5a468ff7b5cf0aab9164667bcb0 The package transform-react-display-name was found to contain malicious code. Source: ghsa-malware...

Malicious code in typescript-react-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ad53847415b01595a09cd7ec959129e610fe93b14b7f3ea880816bee2c8e97 The package typescript-react-apollo was found to contain malicious code. Source: ghsa-malware...

MAL-2026-668 Malicious code in typescript-react-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ad53847415b01595a09cd7ec959129e610fe93b14b7f3ea880816bee2c8e97 The package typescript-react-apollo was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview typescript-react-apollo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious code in transform-react-display-name (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad21ba0cb042f576642dd61d0639ac6da6cec5a468ff7b5cf0aab9164667bcb0 The package transform-react-display-name was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview transform-react-display-name is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview react-dnd-legacy-html5-backend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

MAL-2026-657 Malicious code in react-dnd-legacy-html5-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-dnd-legacy-html5-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...

@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +5 more potentially affected by CVE-2026-24737 via jspdf (=4.0.0)

jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.4.0, =7.11.3, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24737 Source advisory:...

Denial-of-Service (DoS)

React Server Components packages are vulnerable to Denial-Of-Service DoS. The vulnerability is due to insufficient validation and resource handling in Server Function request processing, where specially crafted HTTP requests to server function endpoints can trigger excessive CPU usage, memory...

Malicious code in react-native-expofp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...

MAL-2026-647 Malicious code in react-native-expofp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview react-native-expofp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55...

React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

EUVD-2026-4673

React Server Components have multiple Denial of Service Vulnerabilities...

@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2026-23864 via react-server-dom-webpack (>=19.2.1 <=19.2.3)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...