OSV - Open Source Vulnerabilities

MAL-2026-914

npm/@qualys/react-web

Malicious code in @qualys/react-web (npm)

5 days ago

No fix available

MAL-2026-822

npm/react-svg-handler

Malicious code in react-svg-handler (npm)

09 Feb

No fix available

MAL-2026-755

npm/@jes4l/react-pkg

Malicious code in @jes4l/react-pkg (npm)

05 Feb

No fix available

MAL-2026-747

npm/react-vite-sync

Malicious code in react-vite-sync (npm)

04 Feb

No fix available

MAL-2026-746

npm/react-count-sync

Malicious code in react-count-sync (npm)

04 Feb

No fix available

MAL-2026-713

npm/react-sdkk

Malicious code in react-sdkk (npm)

04 Feb

No fix available

MAL-2026-684

npm/react-responsive-carousel-v4

Malicious code in react-responsive-carousel-v4 (npm)

03 Feb

No fix available

MAL-2026-666

npm/transform-react-display-name

Malicious code in transform-react-display-name (npm)

03 Feb

No fix available

MAL-2026-668

npm/typescript-react-apollo

Malicious code in typescript-react-apollo (npm)

03 Feb

No fix available

MAL-2026-657

npm/react-dnd-legacy-html5-backend

Malicious code in react-dnd-legacy-html5-backend (npm)

03 Feb

No fix available

MAL-2026-647

npm/react-native-expofp

Malicious code in react-native-expofp (npm)

02 Feb

No fix available

GHSA-83fc-fqcc-2hmg

npm/react-server-dom-parcel
npm/react-server-dom-turbopack
npm/react-server-dom-webpack

React Server Components have multiple Denial of Service Vulnerabilities

29 Jan

Fix available
Severity - 7.5 (High)

MAL-2026-626

npm/react-toast-cold

Malicious code in react-toast-cold (npm)

28 Jan

No fix available

MAL-2026-424

npm/plugin-react-swc

Malicious code in plugin-react-swc (npm)

21 Jan

No fix available

MAL-2026-433

npm/wallet-adapter-react

Malicious code in wallet-adapter-react (npm)

21 Jan

No fix available

MAL-2026-356

npm/react-server-dom-unbundled

Malicious code in react-server-dom-unbundled (npm)

20 Jan

No fix available