MAL-2025-3875 Malicious code in bui-react-10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7efb9896b372501d00ef7c23655b29a8eed7ffe274410cb4d2748ec4aa96eda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in old-react-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0ae29d9cb582d5c0be810adbab5c88a3409a65d0d94034301910bb1c735e2c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3847 Malicious code in old-react-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0ae29d9cb582d5c0be810adbab5c88a3409a65d0d94034301910bb1c735e2c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3852 Malicious code in react-native-plugin-ms-adal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361e4c6581b21fde6eeab43c3e36a75bd051771efd939b92cd3f82fbee601f6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-native-plugin-ms-adal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361e4c6581b21fde6eeab43c3e36a75bd051771efd939b92cd3f82fbee601f6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @igain/react-app (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92a7ea271ab926399063ffd4583f6b66fab6f3350920ca611701719de8f9356e Any computer that has this package installed or running should be considered...

MAL-2025-3706 Malicious code in @igain/react-app (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92a7ea271ab926399063ffd4583f6b66fab6f3350920ca611701719de8f9356e Any computer that has this package installed or running should be considered...

Insufficient Verification Of Data Authenticity

react-router is vulnerable to data spoofing. The vulnerability is due to improper request validation allows the ability to manipulate pre-rendered data via custom headers, allowing full modification of the data object embedded in HTML...

Cache Poisoning

react-router is vulnerable to Cache Poisoning. The vulnerability is due to improper request handling due to allowing header-based switching from SSR to SPA mode, which can trigger an error response that is then cached, affecting application availability...

SUSE CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

SUSE CVE-2025-43865

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has been...

CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVE-2025-43865

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has bee...

CVE-2025-43865 React Router allows pre-render data spoofing on React-Router framework mode

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has bee...

CVE-2025-43865 React Router allows pre-render data spoofing on React-Router framework mode

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has bee...

CVE-2025-43865 React Router allows pre-render data spoofing on React-Router framework mode

React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has bee...

CVE-2025-43865

CVE-2025-43865 affects React Router on the 7.0 branch before 7.5.2. The issue allows an attacker to modify pre-rendered data by adding a header to the request, enabling complete spoofing of the data object passed to the HTML. The vulnerability is patched in version 7.5.2. IBM’s bulletin notes thi...

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVE-2025-43864

CVE-2025-43864: React Router (versions 7.2.0–7.5.1) allows forcing SPA mode by a request header, which on SSR apps can trigger a page-corrupting error. If a cache stores the error response, this enables cache poisoning and degrades availability. Patch: upgrade to React Router 7.5.2 (or later).

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...