4917 matches found

Snyk
added 2026/02/02 8:30 a.m., 4 views

Malicious Package

Overview: react-native-expofp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.4 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/02/02 8:30 a.m., 9 views

Malicious code in react-native-expofp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...

5.4 AI score
Exploits: 0, References: 1
GithubExploit
added 2026/01/31 5:43 a.m., 147 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55...

10 CVSS, 5.9 AI score, 0.99562 EPSS
Exploits: 386
EUVD
added 2026/01/29 3:0 p.m., 8 views

EUVD-2026-4673

React Server Components have multiple Denial of Service Vulnerabilities...

7.5 CVSS, 5.9 AI score, 0.02329 EPSS
Exploits: 0, References: 4
vulnersOsv
added 2026/01/29 3:0 p.m., 10 views

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2026-23864 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

7.5 CVSS, 7.4 AI score, 0.02329 EPSS
Exploits: 0
vulnersOsv
added 2026/01/29 3:0 p.m., 7 views

@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2026-23864 via react-server-dom-webpack (>=19.2.1 <=19.2.3)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

7.5 CVSS, 7.4 AI score, 0.02329 EPSS
Exploits: 0
OSV
added 2026/01/29 3:0 p.m., 6 views

GHSA-83FC-FQCC-2HMG React Server Components have multiple Denial of Service Vulnerabilities

Impact: It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

7.5 CVSS, 6 AI score, 0.02329 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2026/01/29 3:0 p.m., 19 views

React Server Components have multiple Denial of Service Vulnerabilities

Impact: It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

7.5 CVSS, 5.9 AI score, 0.02329 EPSS
Exploits: 0, References: 5, Affected Software: 3
GithubExploit
added 2026/01/29 7:56 a.m., 146 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182-PoC-http-exec PoC terkait CVE-2025-55182 untu...

10 CVSS, 6 AI score, 0.99562 EPSS
Exploits: 372
Snyk
added 2026/01/28 4:33 p.m., 3 views

Malicious Package

Overview: acces-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Snyk
added 2026/01/28 4:33 p.m., 2 views

Malicious Package

Overview: @aftersale/react-eva is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
OSV
added 2026/01/28 3:38 p.m., 3 views

GHSA-H25M-26QC-WCJF Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...

7.5 CVSS, 5.9 AI score, 0.02329 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2026/01/28 3:38 p.m., 98 views

Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...

7.5 CVSS, 5.9 AI score, 0.02329 EPSS
Exploits: 0, References: 5, Affected Software: 1
RedhatCVE
added 2026/01/28 3:18 p.m., 7 views

CVE-2026-23864

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service (DoS), causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

7.5 CVSS, 7.6 AI score, 0.02329 EPSS
Exploits: 0, References: 5
OSV
added 2026/01/28 8:21 a.m., 8 views

MAL-2026-626 Malicious code in react-toast-cold (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10dcf80d6b6e15bcfb18c2f1a4211efd1c79f6f66e8aa34bbab7107a90d1da86 The package react-toast-cold was found to contain malicious code. Source: ghsa-malware dc67550f336ea3c52946bb6d0ab4f031eee7a60cc562b0fd4220750c72f086...

5.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/01/28 8:21 a.m., 6 views

Malicious code in react-toast-cold (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10dcf80d6b6e15bcfb18c2f1a4211efd1c79f6f66e8aa34bbab7107a90d1da86 The package react-toast-cold was found to contain malicious code. Source: ghsa-malware dc67550f336ea3c52946bb6d0ab4f031eee7a60cc562b0fd4220750c72f086...

5.5 AI score
Exploits: 0, References: 1
GithubExploit
added 2026/01/27 10:6 a.m., 146 views

Exploit for Deserialization of Untrusted Data in Facebook React

10 CVSS, 7.5 AI score, 0.99562 EPSS
Exploits: 372
Snyk
added 2026/01/27 8:15 a.m., 3 views

Malicious Package

Overview: @spx-delivery/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
F5 Networks
added 2026/01/27 2:9 a.m., 16 views

K000159700: React framework vulnerability CVE-2026-23864

Security Advisory Description: Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests ...

7.5 CVSS, 5.9 AI score, 0.02329 EPSS
Exploits: 0
NVD
added 2026/01/26 8:16 p.m., 6 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

7.5 CVSS, 0.02329 EPSS
Exploits: 0, References: 5