MAL-2025-142935 Malicious code in global-fornax-supervisor-react-bootstrap (npm)
Source: amazon-inspector c0acf146c879312a52c4a11dfd8019469b166ba992f23e25b1a184a8024ba6b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147072 Malicious code in react-bootstrap-publish-concurrently-command (npm)
Source: amazon-inspector 40ca53b27778645d89b96eb595882242733d814a4cfe82678efc4b8e67b9ab61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147050 Malicious code in react-bootstrap-achernar-procyon-mini-css-extract-plugin (npm)
Source: amazon-inspector 47c1b7077ae1d503d6fa1608613dae97013280d40f52920ea01fd87b77227ec8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140574 Malicious code in ceres-react-bootstrap-gatsby-standard (npm)
Source: amazon-inspector bf3b4e726dde90fa56bb930d14a2e37b38d2948bf534b5ec6b166ca2e2d78a12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146314 Malicious code in pm2-sync-convict-react-bootstrap (npm)
Source: amazon-inspector 1330108cc41fc5f8b16b97bd8b44613ea9687f6d108f9fb4aac46e264b7302b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147054 Malicious code in react-bootstrap-docusaurus-release-it-wasat (npm)
Source: amazon-inspector 0995fe21961efede9dd77ca581d5867b77e1a82321014f9343117b49c54685e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142060 Malicious code in enif-react-bootstrap-gravity-apollo (npm)
Source: amazon-inspector 7366c6b2b849d14ce39d70c33c2606bc5ee97e6c0656befc2c46757026a36cf5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144420 Malicious code in link-pino-pretty-react-bootstrap-cordelia (npm)
Source: amazon-inspector 386846b5eb8ea17261166715d1b01f258c84fe3bd709898c4c45ac12b4038d21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147063 Malicious code in react-bootstrap-lint-alphard-ursa (npm)
Source: amazon-inspector 3684fd38755e805195dd3647625892859bfef3ea8e3c810285fb6382548a89c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143552 Malicious code in impulse-react-bootstrap-gacrux-stream (npm)
Source: amazon-inspector eeeb91210fb4388357c7e75117778a2bbbfacf234dd1abd657a2fb9009212a46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145254 Malicious code in mysql-meissa-react-bootstrap-dagda (npm)
Source: amazon-inspector 1e0eb4b60620a7189a9a4bc23c417244da08f5afdfb4839b12a5e386e93d14ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147065 Malicious code in react-bootstrap-lynx-neptune-docusaurus (npm)
Source: amazon-inspector 510019b85afb9e4e1728b2f031dcc773b97174840ffcdc884eab7dc011eb029f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145971 Malicious code in parcel-sedna-react-bootstrap-nodejs (npm)
Source: amazon-inspector ae09af36af178a81acf4d4e93bc643df245329f487f8538f7c695e995af2c730 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-44032
Malicious code in reactjs-fabric npm...
Malicious code in react-icons-toolkit (npm)
Source: amazon-inspector 224e1d5b1a2b01321da822c843e2013f28320e4b9d4d74487daef59c812557f6 The package react-icons-toolkit was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-41743
Malicious code in react-icons-toolkit npm...
Malicious Package
Overview: react-icons-toolkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-50729 Malicious code in react-icons-toolkit (npm)
Source: amazon-inspector 224e1d5b1a2b01321da822c843e2013f28320e4b9d4d74487daef59c812557f6 The package react-icons-toolkit was found to contain malicious code. Source: ghsa-malware...
OS Command Injection
@react-native-community/cli is vulnerable to OS Command Injection. The vulnerability is due to an exposed endpoint that accepts attacker-controlled POST data and passes it to system execution paths without proper sanitization, which allows an unauthenticated network attacker to run arbitrary...
@ai-sdk/angular (>=1.1.0-beta.0 <=1.1.0-beta.28), @ai-sdk/langchain (>=1.1.0-beta.0 <=1.1.0-beta.28) +5 more potentially affected by CVE-2025-48985 via ai (>=5.1.0-beta.0 <=5.1.0-beta.8)
ai NPM version =5.1.0-beta.0, =1.1.0-beta.0, =1.1.0-beta.0, =1.1.0-beta.0, =2.1.0-beta.0, =1.1.0-beta.0, =3.1.0-beta.0, =2.1.0-beta.0, =2.1.0-beta.28 Source cves: CVE-2025-48985 Source advisory: SNYK:JS-AI-13863465...