MAL-2025-29478 Malicious code in polaris-viz-native (npm)

The package polaris-viz-native was found to contain malicious code...

MAL-2025-17892 Malicious code in cypress-antares-passport-native (npm)

The package cypress-antares-passport-native was found to contain malicious code...

Malicious code in react-native-cmoponents (npm)

The package react-native-cmoponents was found to contain malicious code...

MAL-2025-31898 Malicious code in reatc-native-components (npm)

The package reatc-native-components was found to contain malicious code...

N-able N-central 安全漏洞

N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.3.1 that stems from the fact that...

CVE-2025-8859

A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...

CVE-2025-8859 code-projects eBlog Site File Upload save-slider.php unrestricted upload

A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...

BIT-LIBPHP-2024-8929 Leak partial content of the heap through heap buffer over-read in mysqlnd

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server...

BIT-LIBPHP-2022-31626 mysqlnd/pdo password buffer overflow

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

LitmusChaos 安全漏洞

LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. A security vulnerability exists in LitmusChaos 3.19.0 and earlier versions, which stems from improper handling of the parameter projectID, which could lead to improper control of...

Malicious code in react-native-kraken-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6dd9f629078cdad7b927b9f85f1d8b3a5d381a6009e08c65eafca6272b20cbf2 The OpenSSF Package Analysis project identified 'react-native-kraken-oauth' @ 1.0.1 npm as malicious. It is considered malicious because: - The...

MAL-2025-6806 Malicious code in react-native-kraken-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6dd9f629078cdad7b927b9f85f1d8b3a5d381a6009e08c65eafca6272b20cbf2 The OpenSSF Package Analysis project identified 'react-native-kraken-oauth' @ 1.0.1 npm as malicious. It is considered malicious because: - The...

CVE-2025-54594

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

CVE-2025-54594

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

react-native-bottom-tabs 安全漏洞

react-native-bottom-tabs is the native bottom tabs of a Callstack Incubator open source. A security vulnerability exists in react-native-bottom-tabs version 0.9.2 and earlier, which stems from the improper use of the pullrequesttarget event trigger in the GitHub Actions workflow, and could lead t...

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

CVE-2025-54594

React-native-bottom-tabs

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

PT-2025-32002

Name of the Vulnerable Software and Affected Versions: react-native-bottom-tabs versions 0.9.2 and earlier Description: The react-native-bottom-tabs library improperly used the pull request target event trigger in the github/workflows/release-canary.yml GitHub Actions workflow. This allowed...