63 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview @nativescript-community/ui-collectionview is a package that allows you to easily add a collection view grid list view to your projects Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
@censujiang/nativescript-local-notifications (=6.4.0), @nativescript-community/audio (=6.4.14) +4 more potentially affected by unknown CVE via @nativescript-community/perms (>=3.0.11 <=3.0.3)
@nativescript-community/perms NPM version =3.0.11, =3.1.20, =7.0.0, =1.0.4, =0.0.1, =0.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-NATIVESCRIPTCOMMUNITYPERMS-12704723...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview @nativescript-community/perms is an unified permissions API for NativeScript on iOS and Android. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview @nativescript-community/sentry is a cross-platform application monitoring tool, with a focus on error reporting Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from...
@nativescript/plugin-tools (>=5.5.0 <=5.5.3), @nstudio/xplat (>=20.0.0 <=20.0.3) potentially affected by unknown CVE via @nstudio/focus (>=20.0.0 <=20.0.3)
@nstudio/focus NPM version =20.0.0, =5.5.0, =20.0.0, =20.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-NSTUDIOFOCUS-12744498...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
@akylas/nativescript-sqlite (>=3.2.0 <=3.3.11) potentially affected by unknown CVE via @nativescript-community/typeorm (=0.2.29)
@nativescript-community/typeorm NPM version =0.2.29 is affected by a known vulnerability. The following packages have a transitive dependency on @nativescript-community/typeorm and may be impacted: - @akylas/nativescript-sqlite =3.2.0, =3.3.11 Source cves: unknown CVE Source advisory:...
@codingducksrl/nx-duck (>=0.4.1 <=0.4.6), @nativescript/plugin-tools (>=5.5.0 <=5.5.3) +11 more potentially affected by CVE-2025-10894 via @nx/node (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)
@nx/node NPM version =20.0.0-beta.0, =0.4.1, =5.5.0, =4.0.0, =2.12.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0, =20.0.0, =0.2.0, =20.0.0, =20.2.1-dev.3 - @terrxo/nx-cloudflare =4.0.1 - @ziacik/azure-func =4.0.0 Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXNODE-12205640...
Malicious code in nativescript-sd-camera (npm)
The package nativescript-sd-camera was found to contain malicious code...
MAL-2025-27092 Malicious code in nativescript-sd-camera (npm)
The package nativescript-sd-camera was found to contain malicious code...
Malicious code in nativescript-gainsight-px2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12143d1c19f403559d49925266742f6b2ca75a3fda8ed195a4e0189bf64dce70 The OpenSSF Package Analysis project identified 'nativescript-gainsight-px2' @ 1.11.3 npm as malicious. It is considered malicious because: - Th...
MAL-2025-19 Malicious code in nativescript-gainsight-px2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12143d1c19f403559d49925266742f6b2ca75a3fda8ed195a4e0189bf64dce70 The OpenSSF Package Analysis project identified 'nativescript-gainsight-px2' @ 1.11.3 npm as malicious. It is considered malicious because: - Th...