5827 matches found
MAL-2025-4776 Malicious code in @gluestack-ui/utils (npm)
Source: google-open-source-security (17982e09dcf1a69caf714afad49b310371d80fe7260bf21fcad08da2a07df00c). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
MAL-2025-4787 Malicious code in @react-native-aria/separator (npm)
Source: google-open-source-security (c4f88a3038167bc7dfee653f5f7da062761079e770fccd80c28832842ac9c014). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
MAL-2025-4790 Malicious code in @react-native-aria/tabs (npm)
Source: google-open-source-security (9b37ef96f1f4f67e95f3c2e425a1e3ec62db2db5ef00217c25bf38990a69ec28). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
MAL-2025-4788 Malicious code in @react-native-aria/slider (npm)
Source: google-open-source-security (3e5580844fc6f63010dfda70e7d9c4cebd2672099bb2d66c49ebbe671f511ba1). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
MAL-2025-4778 Malicious code in @react-native-aria/checkbox (npm)
Source: google-open-source-security (ddc6ca13c84757389a8703ee553981d86519fdeca6112152dc3bf344c98ea337). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
Malicious code in waterline-mongo-native (npm)
Source: ghsa-malware (7b59ac87de0044bdf2154f6f15d3b82b244bc9c62b29835eb050f3b9b215437b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4908 Malicious code in waterline-mongo-native (npm)
Source: ghsa-malware (7b59ac87de0044bdf2154f6f15d3b82b244bc9c62b29835eb050f3b9b215437b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-atob (npm)
Source: ghsa-malware (4b91f4867862f09ae93e8c5413e74fc6e717d421419c933ef721bf15df14c6e5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4873 Malicious code in react-native-atob (npm)
Source: ghsa-malware (4b91f4867862f09ae93e8c5413e74fc6e717d421419c933ef721bf15df14c6e5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@agreejs/cli (>=0.0.1 <=3.2.43), @agreejs/rn-runner (>=3.2.1 <=3.2.15) +98 more potentially affected by CVE-2025-5896 via taro-css-to-react-native (>=1.3.0-beta.1 <=4.1.2-alpha.2)
taro-css-to-react-native NPM version =1.3.0-beta.1, =0.0.1, =3.2.1, =3.2.1, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0, =1.1.5, =1.0.0, =1.3.2 - @c-art/convert-cli =1.1.0 - @d-bigfish/cli =1.0.14 - @d1m-atom/taro-vue-cli =1.0.5 and more Source cves: CVE-2025-5896 Source advisory:...
GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability
A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...
GHSA-FJ44-H6XW-896G react-native-keys insecurely stores encryption cipher and Base64 chunks
react-native-keys 0.7.11 is vulnerable to remote sensitive information disclosure, as the encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...
CVE-2025-45001
react-native-keys 0.7.11 is vulnerable to remote sensitive information disclosure, as the encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...
WordPress plugin Petito security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Nitan security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
npm react-native-keys security vulnerability
npm react-native-keys is a mobile environment variable security library from US-based npm. A security vulnerability exists in npm react-native-keys version 0.7.11, which stems from encrypted passwords and Base64 blocks being stored in plaintext in compiled native binaries, potentially leading to...
WordPress plugin Blogmine security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Blogmine plugin that stems from improper filename control and can be exploited by an attacker to cause PHP native file...
NervJS taro security vulnerability
NervJS taro is an open cross-end cross-framework solution open-sourced by NervJS. A security vulnerability exists in NervJS taro version 4.1.1 and earlier, which stems from an incorrect manipulation of the file taro/packages/css-to-react-native/src/index.js resulting in inefficient regular...