Lucene search
+L

677 matches found

Snyk
Snyk
added 2026/03/15 11:0 p.m.8 views

Embedded Malicious Code

Overview react-native-country-select is a 🌍 React Native country picker with flags, search, TypeScript, i18n, and offline support. Lightweight, customizable, and designed with a modern UI. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this...

9.8CVSS5.8AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/04 6:18 p.m.7 views

@zextras/carbonio-design-system (=12.0.3), react-native-github-markdown (>=2.1.0 <=2.2.0) potentially affected by CVE-2025-68467 via darkreader (>=4.7.15 <=4.9.105)

darkreader NPM version =4.7.15, =2.1.0, =2.2.0 Source cves: CVE-2025-68467 Source advisory: SNYK:JS-DARKREADER-15441035...

3.4CVSS5.8AI score0.00108EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/04 6:18 p.m.10 views

@zextras/carbonio-design-system (=12.0.3), react-native-github-markdown (>=2.1.0 <=2.2.0) potentially affected by CVE-2025-68467 via darkreader (>=4.7.15 <=4.9.105)

darkreader NPM version =4.7.15, =2.1.0, =2.2.0 Source cves: CVE-2025-68467 Source advisory: OSV:GHSA-X369-MCW8-8RVJ...

3.4CVSS5.8AI score0.00108EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.6 views

React Native Community CLI Server API Node.js Package 4.8.0 < 20.0.0 Remote Code Execution (CVE-2025-11953)

The version of the React Native Community CLI Server API Node.js Package installed on the remote host is 4.8.0 prior to 20.0.0. It is, therefore, affected by a remote code execution vulnerability: - The Metro Development Server, which is opened by the React Native Community CLI, binds to external...

9.8CVSS6.9AI score0.62378EPSS
Exploits5References2
CISA
CISA
added 2026/02/05 12:0 p.m.27 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11953link is external React Native Community CLI OS Command Injection Vulnerability CVE-2026-24423link is external SmarterTools SmarterMail Missing...

9.8CVSS5.5AI score0.87693EPSS
In wildExploits5References7
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/05 12:0 a.m.11 views

React Native Community CLI OS Command Injection Vulnerability

React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute...

9.8CVSS5.8AI score0.62378EPSS
In wildExploits5
Saint
Saint
added 2026/02/04 12:0 a.m.157 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

9.8CVSS6.2AI score0.62378EPSS
Exploits5
Saint
Saint
added 2026/02/04 12:0 a.m.102 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

9.8CVSS6.1AI score0.62378EPSS
Exploits5
The Hacker News
The Hacker News
added 2026/02/03 2:0 p.m.18 views

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnChecksaid it first observed exploitation of CVE-2025-11953 aka Metro4Shell on December 21, 2025. With a...

9.8CVSS6.6AI score0.62378EPSS
Exploits5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/02 8:30 a.m.9 views

Malicious code in react-native-expofp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
Snyk
Snyk
added 2026/02/02 8:30 a.m.7 views

Malicious Package

Overview react-native-expofp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/02/02 8:30 a.m.5 views

MAL-2026-647 Malicious code in react-native-expofp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/01/19 5:24 a.m.5 views

Malicious Package

Overview react-native-webview-forked is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added 2026/01/19 5:24 a.m.6 views

EUVD-2026-3258

Malicious code in react-native-webview-forked npm...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/19 5:24 a.m.12 views

Malicious code in react-native-webview-forked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48574c96ad66df5527d36dccb8f8c425b244bb90c2ac49491618968865ccd7da The package react-native-webview-forked was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/19 5:24 a.m.9 views

MAL-2026-348 Malicious code in react-native-webview-forked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48574c96ad66df5527d36dccb8f8c425b244bb90c2ac49491618968865ccd7da The package react-native-webview-forked was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/12 9:53 a.m.183 views

Exploit for CVE-2025-11953

CVE-2025-11953 - React Native CLI RCE Research Environment !...

9.8CVSS7.8AI score0.62378EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.7 views

CVE-2023-25933

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...

9.8CVSS9.6AI score0.00891EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.5 views

CVE-2019-12164

ubuntu-server.js in Status React Native Desktop before v0.57.8mobileui allows Remote Code Execution...

9.8CVSS7.4AI score0.04074EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/06 12:58 p.m.5 views

EUVD-2026-1122

Malicious code in react-native-kyc npm...

6.6AI score
Exploits0References1
Rows per page
Query Builder