K000159700: React framework vulnerability CVE-2026-23864

Security Advisory Description Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests ...

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

PT-2025-50722

Name of the Vulnerable Software and Affected Versions React versions 19.0.0 through 19.2.1 react-server-dom-parcel versions 19.0.0 through 19.2.1 react-server-dom-turbopack versions 19.0.0 through 19.2.1 react-server-dom-webpack versions 19.0.0 through 19.2.1 Description An information leak issue...

PT-2025-50723

Name of the Vulnerable Software and Affected Versions React Server Components versions 19.0.0 through 19.2.1 react-server-dom-parcel versions 19.0.0 through 19.2.1 react-server-dom-turbopack versions 19.0.0 through 19.2.1 react-server-dom-webpack versions 19.0.0 through 19.2.1 Description A...

EUVD-2025-175586

Malicious code in webpack-less-heliophysics-wavefunction npm...

EUVD-2025-120514

Malicious code in webpack-zenith-winston-changelog npm...

EUVD-2025-111182

Malicious code in meteor-sagitta-gravity-webpack npm...

MAL-2025-149400 Malicious code in webpack-kaus-flare-rehype (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75e99fda20e82afdea814a9ed77b877a7de3a8764ca4fffd9bd6948b8fd273ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-116713

Malicious code in antares-acamar-betelgeuse-webpack npm...

EUVD-2025-115625

Malicious code in castor-cordelia-neptune-webpack npm...

EUVD-2025-120538

Malicious code in webpack-carpo-enceladus-aether npm...

EUVD-2025-114665

Malicious code in dactyl-inquirer-version-webpack npm...

EUVD-2025-33739

Malicious code in webpack-css-branch-loader npm...

MAL-2025-44376 Malicious code in ganymede-webpack-triton-castor (npm)

The package ganymede-webpack-triton-castor was found to contain malicious code...

MAL-2025-41257 Malicious code in @uit-spritesmith/webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 26ec1ae1c565770377c72c56c41c0a0ec1387c318225b2c8b2db2c255c96839c The OpenSSF Package Analysis project identified '@uit-spritesmith/webpack' @ 0.1.3 npm as malicious. It is considered malicious because: - The...

Malicious code in chakra-ui-blitz-blitz-webpack (npm)

The package chakra-ui-blitz-blitz-webpack was found to contain malicious code...

Malicious code in charon-npm-webpack-venus (npm)

The package charon-npm-webpack-venus was found to contain malicious code...

MAL-2025-39020 Malicious code in webpack-bootstrap-halley-ophiuchus (npm)

The package webpack-bootstrap-halley-ophiuchus was found to contain malicious code...

Malicious code in webpack-lithosphere-playwright-altair (npm)

The package webpack-lithosphere-playwright-altair was found to contain malicious code...

Malicious code in webpack-xenon-registry-biohacking (npm)

The package webpack-xenon-registry-biohacking was found to contain malicious code...