76 matches found
CVE-2026-27704
The CVE-2026-27704 issue affects the Dart SDKs and Flutter SDKs prior to versions 3.11.0 and 3.41.0, respectively. During package extraction in the pub cache (via dart pub and flutter pub), a malicious package archive could cause files to be written outside the destination directory due to a path...
PT-2026-21924
Name of the Vulnerable Software and Affected Versions Dart SDK versions prior to 3.11.0 Flutter SDK versions prior to 3.41.0 Description The Dart and Flutter SDKs are susceptible to a path traversal issue within the pub client dart pub and flutter pub when extracting package archives from the PUB...
EUVD-2022-42524
Malicious code in bioql PyPI...
EUVD-2024-44912
Malicious code in bioql PyPI...
Malicious code in @flutter-global/uki-gaming-commits (npm)
The package @flutter-global/uki-gaming-commits was found to contain malicious code...
Malicious code in tdesign-flutter (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-6766 Malicious code in tdesign-flutter (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-3299 Malicious code in @flutterfire/source-api-reference (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2022-3095
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '' characters in URIs, which can lead to auth bypass in webapp...
CVE-2024-50486
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through = 1.0.5...
CVE-2024-54462 Unsanitized Filenames in Flutter package image_picker_android Allow File Overwrites
The file names constructed within imagepicker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could...
CVE-2024-54461 Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites
The file names constructed within fileselector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could...
MAL-2025-189 Malicious code in flutter_inappwebview (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 394e259ceac6eb2a72e92a5882933facc39e1ad19e0bf1a6b908a92ce115a28f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in shoots-flutter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6a612693cb09ca6ca66ccd908b99293ec9ade7b7a719b78f0743332cba338071 Importing the module triggers sending out the hostname to the package author. It looks to be a placeholder/pentest activity related to BytedDance. --- Category...
MAL-2025-987 Malicious code in shoots-flutter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6a612693cb09ca6ca66ccd908b99293ec9ade7b7a719b78f0743332cba338071 Importing the module triggers sending out the hostname to the package author. It looks to be a placeholder/pentest activity related to BytedDance. --- Category...
Malicious code in flutter-angular-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f9260d321765ddb3fe1ce34c703f7caa0678c61f5701aa82730d092fcb83373 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11142 Malicious code in flutter-angular-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f9260d321765ddb3fe1ce34c703f7caa0678c61f5701aa82730d092fcb83373 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
North Korean Hackers Target macOS Using Flutter-Embedded Malware
Threat actors with ties to the Democratic People's Republic of Korea DPRK aka North Korea have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery...
CVE-2024-50486
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5...
CVE-2024-50486
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through = 1.0.5...