MAL-2025-5936 Malicious code in modern-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 551ccc399991abf0310245b17e68d5526426644f1b0e41c7d7d6b1b1286a425f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-redirect-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 438d7e49a15f42d9c8af314bc225c932e4531c3d028d8e602b578777e203300d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5952 Malicious code in react-redirect-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 438d7e49a15f42d9c8af314bc225c932e4531c3d028d8e602b578777e203300d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in appcenter-sampleapp-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8015d357cb8b89fe98c7076abd8ca3ea3146d43990de4f2410c5e2627a2fe970 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @happyfoxinc/react-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d35adaa5c8720836c739e2315328f940d5245dcc4590ffe7ac42b1e465b31388 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in supabase-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d99002d0e83f91ca297ecb91950c973f76ba284c9b63eba89946e9bfac2672de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5797 Malicious code in supabase-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d99002d0e83f91ca297ecb91950c973f76ba284c9b63eba89946e9bfac2672de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-53626 pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation

pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1...

Malicious code in @shadowmonarchx/eslint_plugin_react (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68a575ed67cd813fc81aec32ae29e2e8672e85158eebc9e3a07face9ed576247 Any computer that has this package installed or running should be considered...

MAL-2025-5805 Malicious code in bugsnag-plugin-react (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in bugsnag-plugin-react (npm)

The package communicates with a domain associated with malicious activity...

@async-atharv/ipaship (>=1.2.1 <=1.2.2), @bentwnghk/chat (>=1.85.2 <=1.107.2) +96 more potentially affected by CVE-2025-53548 via @clerk/backend (>=2.0.0 <=2.33.5)

@clerk/backend NPM version =2.0.0, =1.2.1, =1.85.2, =0.0.1, =3.0.3, =0.1.0, =2.8.0-snapshot.v20250514155045, =1.5.0-snapshot.v20250514155045, =2.3.0, =6.20.0-snapshot.v20250514155045, =1.7.0, =1.5.0, =4.8.0, =0.16.0, =1.7.0-snapshot.v20250514155045, =1.0.4, =1.0.7 and more Source cves:...

Malicious code in react-router-scroll-navar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e8e2c3b7417b2b59415f2f9ce55b82be6594510752b41c70e05cb8fff7fb243 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5723 Malicious code in react-router-scroll-navar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e8e2c3b7417b2b59415f2f9ce55b82be6594510752b41c70e05cb8fff7fb243 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in phone-mockup-react-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f6a1418f459219963b15e9792b3f8721f33e7d7f3bf802a570652c6f3a5faad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in appf-react-router-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bee107551e93c84b7b5e64794220ddf4898466e42cd01d1bdde8b41bb0cabd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5667 Malicious code in appf-react-router-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bee107551e93c84b7b5e64794220ddf4898466e42cd01d1bdde8b41bb0cabd83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-smoothy-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4605263fb8378867aadba09b4a6f0265ce7325871f0c56d09e75f464cb397e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5724 Malicious code in react-smoothy-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4605263fb8378867aadba09b4a6f0265ce7325871f0c56d09e75f464cb397e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cra-react-router (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b95c7c2198b6267e255cb12eb540477d4e18a5670ea43c3e0554eba957e80cfa Any computer that has this package installed or running should be considered...