MAL-2026-301 Malicious code in react-sitecore-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bcb38af52d8a28ad89a31c0415f1673eb2ca18ec76121703ded6334a6b7e6d2 The package react-sitecore-library was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3110

Malicious code in @riag-libs/pattern-library-react-hooks npm...

EUVD-2026-3108

Malicious code in @spx-delivery/react npm...

MAL-2026-259 Malicious code in @riag-libs/pattern-library-react-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64366b918bd4380cf8b087a445df7d86ef18b21686c577a9ed7bdd523aceac64 The package @riag-libs/pattern-library-react-hooks was found to contain malicious code. Source: ghsa-malware...

MAL-2026-272 Malicious code in chakra-ui-2--react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05221f163f14d551b861ff7d6ac6ea0d6c946d288b5d74ef14de5e10f6d6b43d The package chakra-ui-2--react was found to contain malicious code. Source: ghsa-malware...

MAL-2026-273 Malicious code in chakra-ui-2--react-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d8e94e720f2e969a3349854427d9ac418ea507516a488bc52eef4397d86e5e8 The package chakra-ui-2--react-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in @riag-libs/pattern-library-react-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64366b918bd4380cf8b087a445df7d86ef18b21686c577a9ed7bdd523aceac64 The package @riag-libs/pattern-library-react-hooks was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3084

Malicious code in bve-react-ui-kit npm...

MAL-2026-271 Malicious code in bve-react-ui-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7129addcf662b66f1b9c3bccfef1b910ba7d7529205773a6ef69f5fcec9b9178 The package bve-react-ui-kit was found to contain malicious code. Source: ghsa-malware e12ba9c2363df47acb928246ccbbfedb85b5cbfb0f433286818034daf65dfd...

Malicious code in chakra-ui-2--react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05221f163f14d551b861ff7d6ac6ea0d6c946d288b5d74ef14de5e10f6d6b43d The package chakra-ui-2--react was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3060

Malicious code in react-sitecore-library npm...

EUVD-2026-3082

Malicious code in chakra-ui-2--react-utils npm...

Malicious code in react-sitecore-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bcb38af52d8a28ad89a31c0415f1673eb2ca18ec76121703ded6334a6b7e6d2 The package react-sitecore-library was found to contain malicious code. Source: ghsa-malware...

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of attacker-supplied navigation paths, which allows an attacker to craft a malicious path that forces the application to redirect users to an external, potentially malicious URL...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55184CVE-...

CVE-2025-68470

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Proof of concept exploit for CVE-2025-55182...

SUSE CVE-2026-21884

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

SUSE CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...