4876 matches found
Allocation of Resources Without Limits or Throttling
Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling...
CVE-2026-23864
Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...
CVE-2026-23864
CVE-2026-23864 affects React Server Components packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The connected advisories describe a denial-of-service condition triggered by specially crafted HTTP requests to Server Function endpoints, potentially causin...
CVE-2026-23864
Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...
CVE-2026-23864
Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell Vulnerability Target Vulnerab...
January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB
January "In the Trend of VM" 23: vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. 🙂 🗞 Post on Habr rus 🗒 Digest on the PT website rus In total, three vulnerabilities: 🔻 EoP - Windows Cloud Files Mini Filter Driver...
CVE-2026-23864: React and Next.js Denial of Service via Memory Exhaustion
...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell PoC This repository provides a minimal intentiona...
Exploit for Deserialization of Untrusted Data in Facebook React
🔍 Next.js Security Testing Tool Professiona...
MAL-2026-424 Malicious code in plugin-react-swc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 197cedd065670a6a39b4401d52b2a636d5ff18f26c378b571770286a807ec467 The package plugin-react-swc was found to contain malicious code. Source: ghsa-malware cba9afea98505469e9b9f36095ab566e5cd857b54255290d9defa67c40c62a...
EUVD-2026-3724
Malicious code in plugin-react-swc npm...
Malicious code in plugin-react-swc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 197cedd065670a6a39b4401d52b2a636d5ff18f26c378b571770286a807ec467 The package plugin-react-swc was found to contain malicious code. Source: ghsa-malware cba9afea98505469e9b9f36095ab566e5cd857b54255290d9defa67c40c62a...
Malicious Package
Overview plugin-react-swc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview wallet-adapter-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2026-3729
Malicious code in wallet-adapter-react npm...
MAL-2026-433 Malicious code in wallet-adapter-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd2a29de3dd67bd591f660c8b964bc262ba1967f0338d11a9e015ee04448c87 The package wallet-adapter-react was found to contain malicious code. Source: ghsa-malware...
Malicious code in wallet-adapter-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd2a29de3dd67bd591f660c8b964bc262ba1967f0338d11a9e015ee04448c87 The package wallet-adapter-react was found to contain malicious code. Source: ghsa-malware...
@bagisto-native/core (=1.0.2), @bagisto-native/react (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-66803 via @hotwired/turbo (=8.0.17)
@hotwired/turbo NPM version =8.0.17 is affected by a known vulnerability. The following packages have a transitive dependency on @hotwired/turbo and may be impacted: - @bagisto-native/core =1.0.2 - @bagisto-native/react =1.0.0, =1.0.1 Source cves: CVE-2025-66803 Source advisory:...
Malicious code in react-server-dom-unbundled (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a00ece23d0316d703248d00b48a8a29b2ed829ae8e1bce8f1bfd6a404820b21 The package react-server-dom-unbundled was found to contain malicious code. Source: ghsa-malware...