676 matches found
EUVD-2026-41437
react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...
CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name
react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...
MAL-2026-6153 Malicious code in datapersistence-profiling (npm)
The npm package datapersistence-profiling published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
MAL-2026-6170 Malicious code in onesignal-hooks (npm)
The npm package onesignal-hooks published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
MAL-2026-6181 Malicious code in virtualization-compression-collapse (npm)
The npm package virtualization-compression-collapse published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
MAL-2026-6151 Malicious code in buildautomation-touch (npm)
The npm package buildautomation-touch published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
@knocklabs/client (>=0.21.6 <=0.21.13), @knocklabs/expo (>=0.5.0 <=0.6.7) +8 more potentially affected by CVE-2026-32689 via phoenix (>=1.8.0 <=1.8.5)
phoenix NPM version =1.8.0, =0.21.6, =0.5.0, =0.1.0, =0.1.1, =0.1.1, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =2.1.8, =2.5.1 Source cves: CVE-2026-32689 Source advisory: SNYK:JS-PHOENIX-16425773...
Malicious Package
Overview react-native-parallax-scroll-view-updated is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious code in pos-next-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17462b618deafef53af5cb939d0240f899e18139f020fa631b898d2862bc6a08 The package pos-next-react-native was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3281 Malicious code in pos-next-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17462b618deafef53af5cb939d0240f899e18139f020fa631b898d2862bc6a08 The package pos-next-react-native was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-native-parallax-scroll-view-updated (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3262 Malicious code in react-native-parallax-scroll-view-updated (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-2386 Malicious code in react-native-forter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff4ae821a2636c10a3e19afaaf78823613bcedf143d91c79cbdec29f20b00654 The package react-native-forter was found to contain malicious code...
Malicious code in react-native-forter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff4ae821a2636c10a3e19afaaf78823613bcedf143d91c79cbdec29f20b00654 The package react-native-forter was found to contain malicious code...
MAL-2026-1931 Malicious code in react-native-country-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 769c13bead812dac05aaece43d165b10a7574c48a0a030b703e022325f736380 The package react-native-country-select was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-native-country-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 769c13bead812dac05aaece43d165b10a7574c48a0a030b703e022325f736380 The package react-native-country-select was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-native-international-phone-number (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f86d66bcbb0f2abf075d3d4ce6a18c3a8ec1563e35087a9fe409f56f9fb64a9f The package react-native-international-phone-number was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1932 Malicious code in react-native-international-phone-number (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f86d66bcbb0f2abf075d3d4ce6a18c3a8ec1563e35087a9fe409f56f9fb64a9f The package react-native-international-phone-number was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...
Embedded Malicious Code
Overview react-native-country-select is a 🌍 React Native country picker with flags, search, TypeScript, i18n, and offline support. Lightweight, customizable, and designed with a modern UI. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this...