
20 matches found

OSSF Malicious Packages
added 2026/03/16 12:0 a.m. | 2 views

Malicious code in urql-introspection (npm)

The package 'urql-introspection' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0 | References: 3
OSV
added 2026/03/16 12:0 a.m. | 1 views

MAL-2026-1541 Malicious code in urql-introspection (npm)

The package 'urql-introspection' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.6
Exploits: 0 | References: 3
Snyk
added 2026/03/12 4:23 p.m. | 1 views

Malicious Package

Overview: urql-introspection is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior: The...

CVSS: 9.8 | AI score: 5.9
Exploits: 0 | References: 3
OSV
added 2026/03/11 6:19 a.m. | 2 views

MAL-2026-1337 Malicious code in typescript-urql (npm)

The package 'typescript-urql' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.6
Exploits: 0 | References: 3
Snyk
added 2026/03/11 6:19 a.m. | 0 views

Malicious Package

Overview: typescript-urql is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8 | AI score: 5.8
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/03/11 6:19 a.m. | 1 views

Malicious code in typescript-urql (npm)

The package 'typescript-urql' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score: 5.5
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-0403

Malicious code in bioql (PyPI)...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00473
Exploits: 0 | References: 4
RedhatCVE
added 2025/02/05 2:21 a.m. | 6 views

CVE-2024-24556

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web-application is using streamed responses (non-RSC). This vulnerability is...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.00473
Exploits: 0 | References: 1
Veracode
added 2024/01/31 12:8 p.m. | 16 views

Cross-site Scripting (XSS)

urql/next is vulnerable to Cross-site scripting (XSS). The vulnerability is due to improper sanitization of HTML-like characters in the response stream. An attacker can inject malicious scripts by ensuring that the response returns HTML tags and that the web-application is using streamed responses...

CVSS: 7.2 | AI score: 6.4 | EPSS: 0.00473
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/01/30 8:57 p.m. | 18 views

GHSA-QHJF-HM5J-335W @urql/next Cross-site Scripting vulnerability

Impact: The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of HTML-like characters in the response-stream...

CVSS: 7.2 | AI score: 6.4 | EPSS: 0.00473
Exploits: 0 | References: 4
vulnersOsv
added 2024/01/30 8:57 p.m. | 1 views

@enalmada/next-gql (>=0.0.4 <=0.1.3) potentially affected by CVE-2024-24556 via @urql/next (>=1.0.0 <=1.1.0)

@urql/next NPM version =1.0.0, =0.0.4, =0.1.3 Source cves: CVE-2024-24556 Source advisory: OSV:GHSA-QHJF-HM5J-335W...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00473
Exploits: 0
Github Security Blog
added 2024/01/30 8:57 p.m. | 25 views

@urql/next Cross-site Scripting vulnerability

Impact: The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of HTML-like characters in the response-stream...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00473
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2024/01/30 6:15 p.m. | 12 views

CVE-2024-24556

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web-application is using streamed responses (non-RSC). This vulnerability is...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.00473
Exploits: 0 | References: 2
Prion
added 2024/01/30 6:15 p.m. | 21 views

Design/Logic Flaw

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web-application is using streamed responses (non-RSC). This vulnerability is...

CVSS: 5.8 | AI score: 6.9 | EPSS: 0.00473
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/01/30 5:21 p.m. | 4 views

CVE-2024-24556 XSS in @urql/next

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web-application is using streamed responses (non-RSC). This vulnerability is...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.00473
Exploits: 0 | References: 2
CVE
added 2024/01/30 5:21 p.m. | 79 views

CVE-2024-24556

CVE-2024-24556 affects the urql family; specifically the @urql/next package is vulnerable to Cross-Site Scripting (XSS). The root cause is improper escaping of HTML-like characters in the response stream, which attackers could exploit when the application uses streamed responses (non-RSC) and the...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.00473
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/01/30 5:21 p.m. | 20 views

CVE-2024-24556 XSS in @urql/next

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web-application is using streamed responses (non-RSC). This vulnerability is...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.00473
Exploits: 0 | References: 4
Cvelist
added 2024/01/30 5:21 p.m. | 15 views

CVE-2024-24556 XSS in @urql/next

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web-application is using streamed responses (non-RSC). This vulnerability is...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.00473
Exploits: 0 | References: 2
CNNVD
added 2024/01/30 12:0 a.m. | 3 views

Formidable urql Cross-Site Scripting Vulnerability

Formidable urql is a customizable and versatile GraphQL client from Formidable. A cross-site scripting vulnerability exists in Formidable urql due to incorrect escaping of HTML-like characters in the response stream...

CVSS: 7.2 | AI score: 6.1 | EPSS: 0.00473
Exploits: 0 | References: 3
securityvulns
added 2007/03/19 12:0 a.m. | 34 views

Microsoft Windows NDISTAPI DoS

During exceptions handling on DeviceNdisTapi device request handling URQL is not returned from DISPATCH level on switching to user mode, leading to crash BSOD with IRQLLESSTHANNOTEQUAL on accessing paged memory...

CVSS: 3.6 | AI score: 1.7 | EPSS: 0.0104
Exploits: 0 | References: 1