MAL-2025-191582

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/react-mandes/MAL-2025-191582.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191582
Aliases
  • SNYK-JS-REACTMANDES-14152287
Published
2025-12-01T13:22:29Z
Modified
2026-03-19T12:47:44.208154Z
Summary
Malicious code in react-mandes (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (8242aeb2b6b10985e7b4c0a35cb731d81095b7f039aea2886d0c4c35ffa5d9ea)

The package react-mandes was found to contain malicious code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.1.4"
            ],
            "sha256": "e5cfba51cc292f5ad11cf139ee51d113e9402e0951978df043ad4dec52d155c5",
            "modified_time": "2025-12-01T13:22:29Z",
            "source": "reversing-labs",
            "id": "RLMA-2025-05927",
            "import_time": "2025-12-02T09:09:53.281338542Z"
        },
        {
            "versions": [
                "1.1.4"
            ],
            "sha256": "8242aeb2b6b10985e7b4c0a35cb731d81095b7f039aea2886d0c4c35ffa5d9ea",
            "modified_time": "2025-12-02T21:11:00Z",
            "source": "amazon-inspector",
            "import_time": "2025-12-02T21:35:52.265276056Z"
        },
        {
            "sha256": "ee17c53efa00cfaf190a57f99eff4a9752b28a427bcee630f21da494dbee7bd7",
            "modified_time": "2025-12-23T08:26:47Z",
            "source": "reversing-labs",
            "id": "RLUA-2025-06458",
            "import_time": "2025-12-24T10:07:35.50477643Z"
        },
        {
            "sha256": "de37e0dfe88db82f9cb240bbdbe68aae7570d5e6218f51de9b515e17817bb224",
            "modified_time": "2026-03-18T13:06:26Z",
            "source": "reversing-labs",
            "id": "RLUA-2026-01528",
            "import_time": "2026-03-19T12:20:57.753020418Z"
        }
    ]
}
References
Credits

Affected packages

npm / react-mandes

Package

Affected ranges

Affected versions

1.*
1.1.4

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/react-mandes/MAL-2025-191582.json"