Malicious code in vitejs-plugin-react-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1686bc018b42cf0146c11ecc1796ef7bad5ed0bb6b07eae4ceffd65b35f36255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6247 Malicious code in vitejs-plugin-react-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1686bc018b42cf0146c11ecc1796ef7bad5ed0bb6b07eae4ceffd65b35f36255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Sitecore JSS React Sample Application 安全漏洞

Sitecore JSS React Sample Application is a sample program from Sitecore, Inc. A security vulnerability exists in Sitecore JSS React Sample Application versions 11.0.0 through 14.0.1, which stems from an information disclosure that could result in the cross-display of user data...

PT-2025-30883 · Sitecore · Sitecore Jss React Sample Application

Name of the Vulnerable Software and Affected Versions: Sitecore JSS React Sample Application versions 11.0.0 through 14.0.1 Description: An information disclosure issue exists that may allow page content intended for one user to be displayed to another user. Recommendations: Sitecore JSS React...

MAL-2025-6227 Malicious code in react-is-builtin (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ec8b0c72c247f12884f7dd1d983f39af01544eaefed640dec15bd838e4b3473d The OpenSSF Package Analysis project identified 'react-is-builtin' @...

Malicious code in react-is-builtin (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ec8b0c72c247f12884f7dd1d983f39af01544eaefed640dec15bd838e4b3473d The OpenSSF Package Analysis project identified 'react-is-builtin' @...

Malicious code in react-dom-experimental-builtin (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-6303 Malicious code in react-dom-experimental-builtin (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in react-dom-builtin (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ac7450c93d4fe9acd7455d948757158cfef0776508f78ee3544d4cad40dc18b2 The OpenSSF Package Analysis project identified 'react-dom-builtin' @...

MAL-2025-6226 Malicious code in react-dom-builtin (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ac7450c93d4fe9acd7455d948757158cfef0776508f78ee3544d4cad40dc18b2 The OpenSSF Package Analysis project identified 'react-dom-builtin' @...

Malicious code in react-international-phone-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55dc391aa3ec3a479f332033f4ed1c9804c98935cd8ec931e830a8f44a9b790f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6219 Malicious code in react-international-phone-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55dc391aa3ec3a479f332033f4ed1c9804c98935cd8ec931e830a8f44a9b790f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6142 Malicious code in @verge-vcl-react/data-grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c4f54ea3248c3fdbfda6a6a07da73bfd9f07ecceb0e4104dae677ae6452aaae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6155 Malicious code in community-pass-react-native-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45d465e1a0ba3936c02d875635041ba0362e96dee19c7f7d727391a4bdcb5dc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Why You Should Use Geolocation in Your React App’s Authentication Process

Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access...

Malicious code in react-hook-form-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7bbb033f9045b94810312d6c18ca8a53e34b6886863c10eaf2521f35349775c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6001 Malicious code in react-hook-form-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7bbb033f9045b94810312d6c18ca8a53e34b6886863c10eaf2521f35349775c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

10by10-react-app (=1.2.1), 192.168.0.172 (=4.6.1) +13982 more potentially affected by CVE-2025-7339 via on-headers (>=0.0.0 <=1.0.2)

on-headers NPM version =0.0.0, =1.0.2, =1.0.0, =0.30.0, =0.2.0, =0.0.28, =4.11.0, =4.11.46 and more Source cves: CVE-2025-7339 Source advisory: OSV:GHSA-76C9-3JPH-RJ3Q...

Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

Malicious code in modern-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 551ccc399991abf0310245b17e68d5526426644f1b0e41c7d7d6b1b1286a425f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...