57 matches found
EUVD-2026-38121
capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...
CVE-2026-56294
The CVE-2026-56294 vulnerability affects capacitor-native-biometric (before 12.128.2). The onAuthenticationSucceeded() path fails to validate CryptoObject parameters, enabling an attacker to bypass biometric authentication by hooking the function via dynamic instrumentation. This can allow access...
Malicious code in capacitor-plugin-service-worker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f1958d8bc44724a00d45b291983ad836dc2f28370c27f83c76f7bf1780bd4b The package capacitor-plugin-service-worker was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3327 Malicious code in capacitor-plugin-service-worker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f1958d8bc44724a00d45b291983ad836dc2f28370c27f83c76f7bf1780bd4b The package capacitor-plugin-service-worker was found to contain malicious code. Source: ossf-package-analysis...
@clerk/chrome-extension (>=3.0.0 <=3.1.32-canary.v20260529204536), @clerk/expo (>=3.0.0 <=3.3.1-canary.v20260529204536) +3 more potentially affected by CVE-2026-42349 via @clerk/clerk-js (>=6.0.1-canary.v20260303211310 <=6.7.5-snapshot.v20260421194054)
@clerk/clerk-js NPM version =6.0.1-canary.v20260303211310, =3.0.0, =3.0.0, =0.2.13, =0.2.0, =0.8.3 - tauri-plugin-clerk =0.1.1 Source cves: CVE-2026-42349 Source advisory: SNYK:JS-CLERKCLERKJS-16347748...
Improper Authentication
Overview @capgo/capacitor-native-biometric is a This plugin gives access to the native biometric apis for android and iOS Affected versions of this package are vulnerable to Improper Authentication via the onAuthenticationSucceeded function. An attacker can gain unauthorized access by hooking and...
cap-go/capacitor-native-biometric Authentication Bypass
There is a potential issue with the cap-go/capacitor-native-biometric library. --- Summary The cap-go/capacitor-native-biometric library was found to be subject to an authentication bypass as the current implementation of the onAuthenticationSucceeded does not appear to handle a...
@authnlabs/authn (>=1.0.10 <=1.0.18), @s-ui/sui-tool-app (>=1.5.0 <=1.27.0) potentially affected by unknown CVE via @capgo/capacitor-native-biometric (>=5.1.1 <=6.0.4)
@capgo/capacitor-native-biometric NPM version =5.1.1, =1.0.10, =1.5.0, =1.27.0 Source cves: unknown CVE Source advisory: OSV:GHSA-VX5F-VMR6-32WF...
GHSA-VX5F-VMR6-32WF cap-go/capacitor-native-biometric Authentication Bypass
There is a potential issue with the cap-go/capacitor-native-biometric library. --- Summary The cap-go/capacitor-native-biometric library was found to be subject to an authentication bypass as the current implementation of the onAuthenticationSucceeded does not appear to handle a...
EUVD-2025-198906
Malicious code in capacitor-voice-recorder-wav npm...
MAL-2025-190921 Malicious code in capacitor-voice-recorder-wav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15d039d86e89d2e74c80f640d3c4dc358a5e3fc0b972d07a1d08b9c5dee3dad9 The package capacitor-voice-recorder-wav was found to contain malicious code. Source: ghsa-malware...
Malicious code in capacitor-voice-recorder-wav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15d039d86e89d2e74c80f640d3c4dc358a5e3fc0b972d07a1d08b9c5dee3dad9 The package capacitor-voice-recorder-wav was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in capacitor-plugin-purchase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ff438ebca922d9d6cb6a8a96700003065dbfc0ed65a5984edec2d5f5d37751 The package capacitor-plugin-purchase was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198841
Malicious code in capacitor-plugin-purchase npm...
MAL-2025-190836 Malicious code in capacitor-plugin-purchase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ff438ebca922d9d6cb6a8a96700003065dbfc0ed65a5984edec2d5f5d37751 The package capacitor-plugin-purchase was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198842
Malicious code in capacitor-plugin-apptrackingios npm...
Malicious code in capacitor-plugin-apptrackingios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db2b5d0386124d893499ec984d85876c5267739a62e53b776e829c3449a7cee8 The package capacitor-plugin-apptrackingios was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190835 Malicious code in capacitor-plugin-apptrackingios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db2b5d0386124d893499ec984d85876c5267739a62e53b776e829c3449a7cee8 The package capacitor-plugin-apptrackingios was found to contain malicious code. Source: ghsa-malware...
Malicious code in scgs-capacitor-subscribe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3fb81fa33f5db11bebf15b6af6f18a63ca129349c0d7bcaf729dc27f69d63f2 The package scgs-capacitor-subscribe was found to contain malicious code. Source: ghsa-malware...