MAL-2025-1232 Malicious code in toptal-react-bikes (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 768639e91eadd87efae2bcea05692ce8e38de966394edb200e220db1132b7500 Any computer that has this package installed or running should be considered...

MAL-2025-783 Malicious code in @tui-react-mobile/app-bar (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in @aftersale/react-eva (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in paypal-react-donation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4163e772410fb8d023c936bd357a70a01d899798568afca41b94daf7b06d688 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1161 Malicious code in paypal-react-donation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4163e772410fb8d023c936bd357a70a01d899798568afca41b94daf7b06d688 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1133 Malicious code in ib-ai-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 547c2e4af2cd8eed422db2ccf1d7975144a2418c9663d76dff5e00b13e447347 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-748 Malicious code in react-native-country-picker-modal-modified (npm)

The package executes harmful command in pre-installation script to send sensitive data to an arbitrary domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69921c906d4d0ecfa3ba0de532e27f29b18c6be04a563ba99aa0590b1fcc77a8 Any computer that has this package install...

Malicious code in calling-integration-sdk-demo-react-ts (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control C2 infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a...

Security Bulletin: A vulnerability in react affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45296).

Summary A vulnerability in React affects IBM Robotic Process Automation and may result in a denial of service. React is used by IBM Robotic Process Automation as part of it's UI Framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details...

Mattermost Mobile Denial of Service Vulnerability

Mattermost Mobile is a mobile application project, developed using the React Native framework, designed to provide a cross-platform iOS and Android client for Mattermost. Mattermost Mobile suffers from a denial of service vulnerability that stems from an inability to properly validate the proto...

Malicious code in viewport-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 267002a03c6d919765b3d26bea4ac822e509a4829c59b075764cecf051da4722 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-317 Malicious code in viewport-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 267002a03c6d919765b3d26bea4ac822e509a4829c59b075764cecf051da4722 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in aem-react-editable-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fdeb2ad3adadbbe85aa33bbaa3ed1728c9019c415d8c1e218db5f1f72661482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-269 Malicious code in aem-react-editable-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fdeb2ad3adadbbe85aa33bbaa3ed1728c9019c415d8c1e218db5f1f72661482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-native-apollo-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 643d99775fbe5d1e11235967329b1d9bfdd5f173b113db79c998b0ea7f2b7b3c The OpenSSF Package Analysis project identified 'react-native-apollo-devtools' @ 1.0.0 npm as malicious. It is considered malicious because: - T...

MAL-2025-137 Malicious code in react-native-apollo-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 643d99775fbe5d1e11235967329b1d9bfdd5f173b113db79c998b0ea7f2b7b3c The OpenSSF Package Analysis project identified 'react-native-apollo-devtools' @ 1.0.0 npm as malicious. It is considered malicious because: - T...

Malicious code in hts-open-dex-react-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 71bfac5a5597cde45524360e887ab5bed0c9e5b8c5337ac9c0728b677529de56 The OpenSSF Package Analysis project identified 'hts-open-dex-react-ui' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

Malicious code in ecpfs-react-jest-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32b1e08557df6041c33ac4eaf0ebb0a3cdbc1bebeeb27b97321516cd0772898a The OpenSSF Package Analysis project identified 'ecpfs-react-jest-helpers' @ 2.0.1-v1 npm as malicious. It is considered malicious because: - Th...

MAL-2025-25 Malicious code in ecpfs-react-jest-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32b1e08557df6041c33ac4eaf0ebb0a3cdbc1bebeeb27b97321516cd0772898a The OpenSSF Package Analysis project identified 'ecpfs-react-jest-helpers' @ 2.0.1-v1 npm as malicious. It is considered malicious because: - Th...