4 matches found
fox (>=1.1.0 <=1.6.2), prova (>=0.0.0 <=0.0.2) potentially affected by unknown CVE via simple.io (=2.0.0)
simple.io NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on simple.io and may be impacted: - fox =1.1.0, =0.0.0, =0.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-33280...
attr (>=0.0.0 <=0.0.1), door (>=0.0.5 <=0.0.6) +6 more potentially affected by unknown CVE via new-pubsub (>=0.0.3 <=2.0.0)
new-pubsub NPM version =0.0.3, =0.0.0, =0.0.5, =0.0.7, =0.0.0, =0.0.0, =0.0.0, =0.0.2 - watch-array =0.0.4 Source cves: unknown CVE Source advisory: OSV:MAL-2025-27366...
fox (=0.0.8), lowkick (>=0.0.1 <=0.1.0) +2 more potentially affected by unknown CVE via combiner (=1.2.1)
combiner NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on combiner and may be impacted: - fox =0.0.8 - lowkick =0.0.1, =1.1.0, =0.3.1, =0.3.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17379...
Malicious Package
Overview react-native-animated-fox is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...