4917 matches found
Malicious Package
Overview: react-sdkk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package's authorship...
Malicious code in react-sdkk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5be5e5cc941dec9a36d78d9de45e31cd604e0efacd37d1b78b62e452689b2cb7 The package react-sdkk was found to contain malicious code. Source: ghsa-malware 60e38e54e0f061a0da679900787b26c8949e350345b5ae5e12688321574bd4c7 Any...
React Native Community CLI remote command execution
Added: 02/04/2026. Background: React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem: A vulnerability in React Native Community CLI when running wi...
Exploit for Deserialization of Untrusted Data in Facebook React
RSC Sentinel CVE-2025-55182 Next.js / React Server Components...
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953, aka Metro4Shell, on December 21, 2025. With a...
Malicious code in react-responsive-carousel-v4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 544d7ca19589218beb2b384a9e4e1ce7f64b130015ea62978f81adc7c6be5934 The package react-responsive-carousel-v4 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-684 Malicious code in react-responsive-carousel-v4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 544d7ca19589218beb2b384a9e4e1ce7f64b130015ea62978f81adc7c6be5934 The package react-responsive-carousel-v4 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-666 Malicious code in transform-react-display-name (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad21ba0cb042f576642dd61d0639ac6da6cec5a468ff7b5cf0aab9164667bcb0 The package transform-react-display-name was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: transform-react-display-name is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in typescript-react-apollo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ad53847415b01595a09cd7ec959129e610fe93b14b7f3ea880816bee2c8e97 The package typescript-react-apollo was found to contain malicious code. Source: ghsa-malware...
Malicious code in transform-react-display-name (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad21ba0cb042f576642dd61d0639ac6da6cec5a468ff7b5cf0aab9164667bcb0 The package transform-react-display-name was found to contain malicious code. Source: ghsa-malware...
MAL-2026-668 Malicious code in typescript-react-apollo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ad53847415b01595a09cd7ec959129e610fe93b14b7f3ea880816bee2c8e97 The package typescript-react-apollo was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: typescript-react-apollo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious code in react-dnd-legacy-html5-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...
MAL-2026-657 Malicious code in react-dnd-legacy-html5-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d549162491e3ef2900daafc0bb49291caef1538d4406a75ec4b80e12ac18fc26 The package react-dnd-legacy-html5-backend was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: react-dnd-legacy-html5-backend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +6 more potentially affected by CVE-2026-24737 via jspdf (=4.0.0)
jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24737 Source advisory:...
Denial-of-Service (DoS)
React Server Components packages are vulnerable to Denial-of-Service (DoS). The vulnerability is due to insufficient validation and resource handling in Server Function request processing, where specially crafted HTTP requests to server function endpoints can trigger excessive CPU usage, memory...
MAL-2026-647 Malicious code in react-native-expofp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...