4915 matches found
MAL-2025-5681 Malicious code in cra-react-router (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b95c7c2198b6267e255cb12eb540477d4e18a5670ea43c3e0554eba957e80cfa Any computer that has this package installed or running should be considered...
Malicious code in mre-layout-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca72674752dda2346e914163e1a4ce3dd2a83b813747ebf2e4330596b0afb2c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mre-config-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22474e36d4ddd865818606c920d894196687008fcb57bc5488c2c682a801d5a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5617 Malicious code in mre-config-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22474e36d4ddd865818606c920d894196687008fcb57bc5488c2c682a801d5a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cache Poisoning
Next.js is vulnerable to cache poisoning. The vulnerability is due to HTML page requests returning a React Server Component (RSC) payload under certain conditions, which allows an attacker to poison the cache if the CDN does not correctly differentiate between RSC and HTML content...
CVE-2025-49005
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payloa...
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payloa...
CVE-2025-49005
Next.js CVE-2025-49005 affects Next.js App Router (versions 15.3.0 to before 15.3.3) and Vercel CLI (41.4.1 to 42.2.0). A cache poisoning vulnerability could cause HTML requests to return a React Server Component payload under certain conditions. When deployed on Vercel, impact is limited to the ...
Malicious code in react-fixtures-ssr (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d710afc7119dec419c22aa6e052c351680e8510317df2c1ea02c3ab56eec3bf4 Any computer that has this package installed or running should be considered...
PT-2025-27835
Name of the Vulnerable Software and Affected Versions: Next.js versions 15.3.0 through 15.3.2; Vercel CLI versions 41.4.1 through 42.1.0. Description: A cache poisoning issue was found in Next.js App Router and Vercel CLI, allowing page requests for HTML content to return a React Server Component R...
Malicious code in react-babel-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff19821615932cec55e91b56b5ef7b8974f053d6ec9dab32417601d23391b52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5575 Malicious code in react-babel-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff19821615932cec55e91b56b5ef7b8974f053d6ec9dab32417601d23391b52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site scripting vulnerability in multiple Progress products
Progress Telerik UI for ASP.NET Core and others are products of Progress, Inc. Progress Telerik UI for ASP.NET Core is a set of UI component libraries for building cross-platform responsive web applications. Progress Telerik UI for ASP.NET MVC is a library of UI components f...
Malicious code in react-forget-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a394c45b21ba1a2437ef3331b2c18fb40316d9276a55529d77c29c8f729174be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5516 Malicious code in react-forget-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a394c45b21ba1a2437ef3331b2c18fb40316d9276a55529d77c29c8f729174be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-svg-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d1b4540b7accc26da839119cb9cee8be93e168c74f00d68eb96e60241796fbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5517 Malicious code in react-svg-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d1b4540b7accc26da839119cb9cee8be93e168c74f00d68eb96e60241796fbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5285 Malicious code in react-plaid-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2e5a7cd6740a8b92b5b0c681bce252fd1850ace8501de899aea496321176c95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...