React-native Security Vulnerabilities

cve

CVE-2021-4438

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

5.3 CVSS

5.3 AI Score

0.0004 EPSS

2024-04-07 09:15 AM

CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.9 CVSS

4.7 AI Score

0.001 EPSS

2024-01-09 07:15 PM

CVE-2023-28430

OneSignal is an email, SMS, push notification, and in-app message service for mobile apps. The Zapier.yml workflow is triggered on issues (types: [closed]) (i.e., when an Issue is closed). The workflow starts with a full write-permissions GitHub repository token since the default workflow permissions....

8.1 CVSS

8.1 AI Score

0.001 EPSS

2023-03-27 10:15 PM

CVE-2022-24373

Versions of the package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2022-09-30 05:15 AM

CVE-2020-1920

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2021-06-01 02:15 PM

CVE-2020-7696

This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }}} is loaded, all other subsequent images will use the same headers; this can lead to signing credentials or other session tokens being leaked....

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-07-17 10:15 AM

CVE-2019-12164

ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code...

9.8 CVSS

9.6 AI Score

0.045 EPSS

2019-07-23 11:15 PM

CVE-2017-16028

react-native-meteor-oauth is a library for OAuth2 login to a Meteor server in React Native. The OAuth Random Token is generated using a non-cryptographically strong RNG...

5.3 CVSS

5.1 AI Score

0.001 EPSS

2018-06-04 07:29 PM

CVE-2016-10697

react-native-baidu-voice-synthesizer is a Baidu voice speech synthesizer for React Native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources....

8.1 CVSS

8.2 AI Score

0.002 EPSS

2018-06-04 07:29 PM