Lucene search
K

4917 matches found

Snyk
Snyk
added 2026/02/04 4:41 a.m.2 views

Malicious Package

Overview react-sdkk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/04 4:41 a.m.8 views

Malicious code in react-sdkk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5be5e5cc941dec9a36d78d9de45e31cd604e0efacd37d1b78b62e452689b2cb7 The package react-sdkk was found to contain malicious code. Source: ghsa-malware 60e38e54e0f061a0da679900787b26c8949e350345b5ae5e12688321574bd4c7 Any...

5.4AI score
Exploits0References1
Saint
Saint
added 2026/02/04 12:0 a.m.89 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

9.8CVSS6.1AI score0.62378EPSS
Exploits5
Saint
Saint
added 2026/02/04 12:0 a.m.145 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

9.8CVSS6.2AI score0.62378EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/02/03 2:2 p.m.162 views

Exploit for Deserialization of Untrusted Data in Facebook React

RSC Sentinel CVE-2025-55182 Next.js / React Server Components...

10CVSS5.7AI score0.99562EPSS
Exploits372
The Hacker News
The Hacker News
added 2026/02/03 2:0 p.m.14 views

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnChecksaid it first observed exploitation of CVE-2025-11953 aka Metro4Shell on December 21, 2025. With a...

9.8CVSS6.6AI score0.62378EPSS
Exploits5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/03 7:27 a.m.8 views

Malicious code in react-responsive-carousel-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 544d7ca19589218beb2b384a9e4e1ce7f64b130015ea62978f81adc7c6be5934 The package react-responsive-carousel-v4 was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/02/03 7:27 a.m.6 views

MAL-2026-684 Malicious code in react-responsive-carousel-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 544d7ca19589218beb2b384a9e4e1ce7f64b130015ea62978f81adc7c6be5934 The package react-responsive-carousel-v4 was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/02/03 3:57 a.m.5 views

MAL-2026-666 Malicious code in transform-react-display-name (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad21ba0cb042f576642dd61d0639ac6da6cec5a468ff7b5cf0aab9164667bcb0 The package transform-react-display-name was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/02/03 3:57 a.m.3 views

Malicious Package

Overview transform-react-display-name is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/03 3:57 a.m.9 views

Malicious code in typescript-react-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ad53847415b01595a09cd7ec959129e610fe93b14b7f3ea880816bee2c8e97 The package typescript-react-apollo was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/03 3:57 a.m.7 views

Malicious code in transform-react-display-name (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad21ba0cb042f576642dd61d0639ac6da6cec5a468ff7b5cf0aab9164667bcb0 The package transform-react-display-name was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/02/03 3:57 a.m.4 views

MAL-2026-668 Malicious code in typescript-react-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ad53847415b01595a09cd7ec959129e610fe93b14b7f3ea880816bee2c8e97 The package typescript-react-apollo was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/02/03 3:57 a.m.1 views

Malicious Package

Overview typescript-react-apollo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/03 2:23 a.m.9 views

Malicious code in react-dnd-legacy-html5-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/02/03 2:23 a.m.4 views

MAL-2026-657 Malicious code in react-dnd-legacy-html5-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/02/03 2:23 a.m.3 views

Malicious Package

Overview react-dnd-legacy-html5-backend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS5.4AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/02 6:29 p.m.6 views

@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +6 more potentially affected by CVE-2026-24737 via jspdf (=4.0.0)

jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24737 Source advisory:...

8.3CVSS7.2AI score0.00532EPSS
Exploits1
Veracode
Veracode
added 2026/02/02 2:13 p.m.8 views

Denial-of-Service (DoS)

React Server Components packages are vulnerable to Denial-Of-Service DoS. The vulnerability is due to insufficient validation and resource handling in Server Function request processing, where specially crafted HTTP requests to server function endpoints can trigger excessive CPU usage, memory...

7.5CVSS5.4AI score0.02329EPSS
Exploits0References8Affected Software4
OSV
OSV
added 2026/02/02 8:30 a.m.5 views

MAL-2026-647 Malicious code in react-native-expofp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
Rows per page
Query Builder