Embedded Malicious Code

Overview @ctrl/react-adsense is an Adsense component for react Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

open-vector-editor (>=10.1.61 <=18.3.6), ove-electron (=1.2.8) +2 more potentially affected by unknown CVE via tg-client-query-builder (=2.14.3)

tg-client-query-builder NPM version =2.14.3 is affected by a known vulnerability. The following packages have a transitive dependency on tg-client-query-builder and may be impacted: - open-vector-editor =10.1.61, =18.3.6, =29.0.7, =30.15.8 Source cves: unknown CVE Source advisory:...

@bubbles-ui/leemons (>=1.0.0 <=1.2.277), @imtf/rjsf-conditionals (=5.0.3) +3 more potentially affected by unknown CVE via json-rules-engine-simplified (>=0.1.17 <=0.2.0)

json-rules-engine-simplified NPM version =0.1.17, =1.0.0, =0.1.0, =0.1.17, =0.1.1, =0.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-JSONRULESENGINESIMPLIFIED-12704864...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

@opencloning/opencloning-elabftw (>=1.6.0 <=1.9.1), @opencloning/opencloningdb (>=1.7.1 <=1.8.1) +9 more potentially affected by unknown CVE via @teselagen/react-list (>=0.8.16 <=0.8.18)

@teselagen/react-list NPM version =0.8.16, =1.6.0, =1.7.1, =1.0.1, =0.0.15, =6.10.1, =0.0.14, =0.5.7, =10.1.14, =18.3.6, =28.0.0, =30.15.8 Source cves: unknown CVE Source advisory: SNYK:JS-TESELAGENREACTLIST-12744522...

@crowdstrike/alloy-react (>=0.0.2 <=0.0.5) potentially affected by unknown CVE via @crowdstrike/foundry-js (=0.17.1)

@crowdstrike/foundry-js NPM version =0.17.1 is affected by a known vulnerability. The following packages have a transitive dependency on @crowdstrike/foundry-js and may be impacted: - @crowdstrike/alloy-react =0.0.2, =0.0.5 Source cves: unknown CVE Source advisory:...

react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)

react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: SNYK:JS-REACTCOMPLAINTIMAGE-12705089...

Malicious code in @account-portal/ui-toolkit-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8071d62a3309d3670bd962154aedbcb3fcfad9e85579f6fe36be0fccbd5feb2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47130 Malicious code in @account-portal/ui-toolkit-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8071d62a3309d3670bd962154aedbcb3fcfad9e85579f6fe36be0fccbd5feb2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-native-httpapi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview react-native-wm-weighingscale is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview react-native-wm-barcode is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious code in react-prop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6aeb7200f91cbea0037b45eb8c0fde13aaa99f73bf5dc9fbf18eb696c70516d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-prop is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

MAL-2025-47203 Malicious code in react-prop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6aeb7200f91cbea0037b45eb8c0fde13aaa99f73bf5dc9fbf18eb696c70516d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-dropzone-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cfc9e996c0ff6970713abc0d1870a3982db5ed09547644a140c8160a8a393d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-dropzone-log is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-47102 Malicious code in react-dropzone-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cfc9e996c0ff6970713abc0d1870a3982db5ed09547644a140c8160a8a393d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...