PT-2023-20171 · Unknown · Ra-Ui-Materialui +1

Name of the Vulnerable Software and Affected Versions: react-admin versions prior to 3.19.12 and 4.7.6 ra-ui-materialui versions prior to 3.19.12 and 4.7.6 Description: The issue affects all React applications built with react-admin and using the . This component outputs the field value using...

@540deg/react-native-simple-markdown (>=1.1.1 <=1.1.2), @anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1) +29 more potentially affected by CVE-2019-25102 via simple-markdown (>=0.0.9 <=0.5.3)

simple-markdown NPM version =0.0.9, =1.1.1, =1.0.3, =1.3.0, =1.0.1, =1.1.1, =1.1.74, =1.0.8, =1.0.4, =2.3.0, =3.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2019-25102 Source advisory: OSV:GHSA-J533-2G8V-PMPG...

@540deg/react-native-simple-markdown (>=1.1.1 <=1.1.2), @anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1) +29 more potentially affected by CVE-2019-25103 via simple-markdown (>=0.0.9 <=0.4.4)

simple-markdown NPM version =0.0.9, =1.1.1, =1.0.3, =1.3.0, =1.0.1, =1.1.1, =1.1.74, =1.0.8, =1.0.4, =2.3.0, =3.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2019-25103 Source advisory: OSV:GHSA-GPVJ-GP8C-C7P2...

Malicious code in fronton-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d44f273938402bf07c8942f200cf613694ff6b357a5800e67b88a47dc620f019 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-461 Malicious code in fronton-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d44f273938402bf07c8942f200cf613694ff6b357a5800e67b88a47dc620f019 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +21426 more potentially affected by CVE-2022-25881 via http-cache-semantics (>=3.7.3 <=4.1.0)

http-cache-semantics NPM version =3.7.3, =1.0.0, =2.5.0, =0.0.1, =0.0.4 - 1095h-cli =1.0.1 - 10secondsofcode-custom =1.0.0 and more Source cves: CVE-2022-25881 Source advisory: OSV:GHSA-RC47-6667-2J5J...

Malicious Package

Overview shopee-ui-react is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

Malicious Package

Overview react-dropzone-3 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

Detection of Vulnerabilities in JavaScript Libraries

JavaScript is a popular programming language which is an integral component while developing interactive and dynamic web applications. It allows developers to create engaging and responsive user interfaces, handling complex web page elements, enhancing the overall functionality of the application...

reactrouter.com Open Redirect vulnerability OBB-3151756

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-22491

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

Design/Logic Flaw

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

MAL-2023-49 Malicious code in @playgami/eslint-config-portal-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4be15151b5b32f83c0928b720d19807598f2d07da01e47b15a580083f99000f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Grafana -- Stored XSS in text panel plugin

Grafana Labs reports: During an internal audit of Grafana on January 1, a member of the security team found a stored XSS vulnerability affecting the core text plugin. The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due...

Malicious code in experience-template-renderer-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afa26f6f8649c313b48cb94b98dd23d01c15d0bc8cce3dfdfa2af4e410b133ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

01-numacert (>=1.0.0 <=3.0.0), 10by10-react-app (=1.2.1) +3839 more potentially affected by CVE-2022-24999 via qs (>=6.5.0 <=6.5.2)

qs NPM version =6.5.0, =1.0.0, =0.2.0, =0.1.0, =1.0.0, =1.0.3, =0.0.1-bate.30, =0.0.1, =0.0.1, =1.0.0, =12.1.0, =6.0.0, =7.12.0 and more Source cves: CVE-2022-24999 Source advisory: OSV:GHSA-HRPP-H998-J3PP...

MAL-2022-2121 Malicious code in commerce-sdk-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b493faaa84a8ccd6bcc5a53210a270e361868038633326c140d91f6ef9fce23b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in commerce-sdk-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b493faaa84a8ccd6bcc5a53210a270e361868038633326c140d91f6ef9fce23b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...