EUVD-2025-204477

Malicious code in react-enhanced-glow npm...

Malicious code in react-enhanced-glow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d6a21a6e0e2094ca1f9327d83a0c38da77bd3b8f8ffbad317ef4530a7d14c45 The package react-enhanced-glow was found to contain malicious code. Source: ghsa-malware...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 POC This repository contains a proof of conce...

Next.js Framework React Server Components DoS (CVE-2025-55184)

The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages:...

Exploit for Deserialization of Untrusted Data in Facebook React

No d...

Security Bulletin: MANTA Automated Data Lineage for IBM Cloud Pak for Data is vulnerable to Critical Security Vulnerability in React Server Components CVE-2025-55182

Summary MANTA Automated Data Lineage for IBM Cloud Pak for Data is affected by React Server Components CVE-2025-55182. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Toolkit & Lab Educational Only Lightweight G...

Exploit for Deserialization of Untrusted Data in Facebook React

react2shell-scanner-bypasswaf A command-line tool for detecti...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC This repository provides a minimal intentiona...

Malicious Package

Overview react-vis-website is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview twilio-voice-react-native-reference-server is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious Package

Overview semi-animation-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview react-redux-up is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Security Bulletin: React Server Components RCE (CVE-2025-55182) and related advisories

Summary React Server Components RCE vulnerability. Carbon React and related Carbon React based libraries are not related to this CVE. However, many product teams may depend on the affected libraries via frameworks or plugins. We strongly encourage all teams to verify and upgrade any affected...

@c0va23/react-router-dev (=7.8.3-alpha.2), @catmint/cli (>=0.0.0-prealpha.1 <=0.0.0-prealpha.26) +30 more potentially affected by CVE-2025-68155 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.26)

@vitejs/plugin-rsc NPM version =0.4.11, =0.0.0-prealpha.1, =0.0.0-prealpha.1, =0.2.0, =0.0.1-alpha.0, =16.2.6, =0.0.9, =0.6.0, =0.0.0-experimental.1, =0.1.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-experimental.00a81282, =0.0.0-experimental-2a6c7bc, =0.0.77-dev20260430111227, =0.0.77-dev20260506020152 and...

Directory Traversal

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Directory Traversal via the /viterscfindSourceMapURL endpoint when processing HTTP requests containing a file:// URL in the filename query parameter. An attacker can...

EUVD-2025-203834

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js React2Shell CVE-2025-55182 Expl0it A proof-of-conce...

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js RCE Scanner - CVE-2025-55182 & CVE-2025-66478...

Exploit for Deserialization of Untrusted Data in Facebook React

No d...