4915 matches found
MAL-2025-31854 Malicious code in react-router2 (npm)
The package react-router2 was found to contain malicious code...
MAL-2025-13828 Malicious code in @zalastax/nolb-react-ud (npm)
The package @zalastax/nolb-react-ud was found to contain malicious code...
MAL-2025-25224 Malicious code in lib-react-component-page-notifications (npm)
The package lib-react-component-page-notifications was found to contain malicious code...
MAL-2025-6821 Malicious code in @tradair-repo/sources-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4c2e8efcfd67964d523b508359644439a1c57011cf171ba350241c6949654fe4 The OpenSSF Package Analysis project identified '@tradair-repo/sources-react' @ 1.0.0-malicious npm as malicious. It is considered malicious...
CVE-2025-55008
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...
Malicious code in eslint-plugin-react_editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 091ef657bc115b400dc3d8cd65691df53caef85fa307f52d627aac4d50120a77 The OpenSSF Package Analysis project identified 'eslint-plugin-reacteditor' @ 71.71.72 npm as malicious. It is considered malicious because: - T...
MAL-2025-6812 Malicious code in eslint-plugin-react_editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 091ef657bc115b400dc3d8cd65691df53caef85fa307f52d627aac4d50120a77 The OpenSSF Package Analysis project identified 'eslint-plugin-reacteditor' @ 71.71.72 npm as malicious. It is considered malicious because: - T...
CVE-2025-55008
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...
Information Exposure
Overview @workos-inc/authkit-react-router is an Authentication and session helpers for using WorkOS & AuthKit with React Router 7+ Affected versions of this package are vulnerable to Information Exposure via the accessToken and sealedSession parameters in the authkitLoader function. An attacker c...
CVE-2025-55008
CVE-2025-55008 affects the AuthKit React Router library for React Router 7+. In versions ≤ 0.6.1, the package exposes sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader , causing them to be rendered into browser HTML (informa...
CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...
CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...
CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...
AuthKit React Router Library 信息泄露漏洞
AuthKit React Router Library is a WorkOS open source authentication and session helper for use in React Router 7. An information disclosure vulnerability exists in AuthKit React Router Library version 0.6.1 and earlier, which stems from exposing sensitive authentication artifacts that could lead ...
GHSA-VQVC-9Q8X-VMQ6 The AuthKit React Router Library rendered sensitive auth data in HTML
In versions before 0.7.0, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. Impact This information disclosure could lead to...
Malicious code in react-native-kraken-oauth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6dd9f629078cdad7b927b9f85f1d8b3a5d381a6009e08c65eafca6272b20cbf2 The OpenSSF Package Analysis project identified 'react-native-kraken-oauth' @ 1.0.1 npm as malicious. It is considered malicious because: - The...
MAL-2025-6806 Malicious code in react-native-kraken-oauth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6dd9f629078cdad7b927b9f85f1d8b3a5d381a6009e08c65eafca6272b20cbf2 The OpenSSF Package Analysis project identified 'react-native-kraken-oauth' @ 1.0.1 npm as malicious. It is considered malicious because: - The...
PT-2025-32421 · Workos · Authkit-React-Router
Name of the Vulnerable Software and Affected Versions: @workos-inc/authkit-react-router versions 0.6.1 and below Description: The AuthKit library for React Router exposes sensitive authentication artifacts – specifically sealedSession and accessToken – by returning them from the authkitLoader,...
CVE-2025-54594
react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...
CVE-2025-54594
react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...