168 matches found
CVE-2025-67489
@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...
CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server
@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...
PT-2025-50276
Name of the Vulnerable Software and Affected Versions @vitejs/plugin-rs versions 0.5.5 and below Description The @vitejs/plugin-rs software, which provides React Server Components RSC support for Vite, contains a flaw that could allow for arbitrary remote code execution on the development server...
Vite Plugin React 代码注入漏洞
Vite Plugin React is an open source plugin for Vite. A code injection vulnerability exists in Vite Plugin React 0.5.5 and earlier versions, which stems from an insecure dynamic import in the Server Functions API that could lead to remote code execution...
Arbitrary Code Injection
Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe dynamic imports in the loadServerAction, decodeReply, and decodeAction server APIs. An attacker can execute arbitrary JavaScript...
@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server
Summary Arbitrary Remote Code Execution on development server via unsafe dynamic imports in @vitejs/plugin-rsc server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC applications that expose server function endpoints. Impact Attackers with network access to the...
GHSA-FMH4-WR37-44FP React Server Components are Vulnerable to RCE
Summary @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r...
React Server Components are Vulnerable to RCE
Summary @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198722
Malicious code in @ensdomains/vite-plugin-i18next-loader npm...
MAL-2025-190741 Malicious code in @ensdomains/vite-plugin-i18next-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473280de7d29dd017bfa50f0826a0aa810d204a6949fe49d6753ff28ff61d505 The package @ensdomains/vite-plugin-i18next-loader was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ensdomains/vite-plugin-i18next-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473280de7d29dd017bfa50f0826a0aa810d204a6949fe49d6753ff28ff61d505 The package @ensdomains/vite-plugin-i18next-loader was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190787 Malicious code in vite-plugin-httpfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d63741ea6b6aadbc224aabf56e98c5eb7b664d7554dbb502869a97ffffb2f46 The package vite-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...
Malicious code in vite-plugin-httpfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d63741ea6b6aadbc224aabf56e98c5eb7b664d7554dbb502869a97ffffb2f46 The package vite-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198792
Malicious code in vite-plugin-httpfile npm...
Malicious code in vite-plugin-postcss-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4552bafe10098b91c4ce3128c885efb1c472d7f7c18b7bca5d2b174ed097e396 The package vite-plugin-postcss-tools was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-50835
Malicious code in vite-plugin-postcss-tools npm...
EUVD-2025-36421
Malicious code in vite-plugin-es6-compat npm...
Malicious code in vite-plugin-es6-compat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3963df81ab545839d03c3c54ab9ee88549e38a44b32fe6ad05002d554da780b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48915 Malicious code in vite-plugin-es6-compat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3963df81ab545839d03c3c54ab9ee88549e38a44b32fe6ad05002d554da780b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...