4918 matches found
Malicious code in react-tmedia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2561617d960be4ee063460a87fe4cded553ec3c3f0258fcaae75a27aa92de3b The package react-tmedia was found to contain malicious code. Source: ghsa-malware eb8db46193d662b789371d3c7670652c9d9dca288f0b99daba2791a3410613cf A...
EUVD-2025-37950
Malicious code in react-tmedia npm...
Malicious Package
Overview react-tmedia is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-49368 Malicious code in react-tmedia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2561617d960be4ee063460a87fe4cded553ec3c3f0258fcaae75a27aa92de3b The package react-tmedia was found to contain malicious code. Source: ghsa-malware eb8db46193d662b789371d3c7670652c9d9dca288f0b99daba2791a3410613cf A...
Malicious code in tailwindcss-react-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c6f72d8d64a8612b01ed58fa0bcacd97698a820dcf3b2ebf50dec6e23831065 The package tailwindcss-react-sass was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49369 Malicious code in tailwindcss-react-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c6f72d8d64a8612b01ed58fa0bcacd97698a820dcf3b2ebf50dec6e23831065 The package tailwindcss-react-sass was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-37954
Malicious code in tailwindcss-react-sass npm...
Malicious Package
Overview tailwindcss-react-sass is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Severe React Native Flaw Exposes Developer Systems to Remote Attacks
JFrog researchers found a critical RCE vulnerability, CVE-2025-11953, in the popular React Native CLI. Developers using versions 4.8.0 through 20.0.0-alpha.2 must update to patch the flaw...
ExploitReport
The Exploit Report — Portfolio React A single-page React si...
Malicious Package
Overview react-notifications-alert is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2025-37866
Malicious code in react-notifications-alert npm...
Malicious code in react-notifications-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fbe66f8e85ad0ad7c2682e9640e0f2a48344bcef9beeaa8de12e5e687744acf The package react-notifications-alert was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49361 Malicious code in react-notifications-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fbe66f8e85ad0ad7c2682e9640e0f2a48344bcef9beeaa8de12e5e687744acf The package react-notifications-alert was found to contain malicious code. Source: ghsa-malware...
CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
Exploit for CVE-2025-11953
React Native CLI Command Injection Demo CVE-2025-11953 ⚠...
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...
Malicious code in react-paypal-braintree-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ebbf8ad1d1a557ec443c0f6ea58587954750259557188b27491cca78c7e9ea7 The package react-paypal-braintree-demo was found to contain malicious code. Source: ossf-package-analysis...
@react-native-community/cli has arbitrary OS command injection
The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
GHSA-399J-VXMF-HJVR @react-native-community/cli has arbitrary OS command injection
The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...