@admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49), @custom-lib/design-system (>=0.1.0 <=0.1.8) +36 more potentially affected by unknown CVE via @react-native-aria/menu (>=0.2.10 <=0.2.15)

@react-native-aria/menu NPM version =0.2.10, =6.5.1-alpha.0, =0.1.0, =0.0.1-alpha.1, =0.5.36, =0.2.0, =0.0.1-alpha.0, =0.1.0, =0.1.0, =0.1.0, =0.3.45, =0.0.1, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-4784...

@aemforms/af-react-native (>=1.0.1 <=1.0.31), @akalli/components (=0.0.1) +146 more potentially affected by unknown CVE via @react-native-aria/tabs (=0.2.13)

@react-native-aria/tabs NPM version =0.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/tabs and may be impacted: - @aemforms/af-react-native =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.0.4, =4.0.2, =0.32.4, =0.32....

@aemforms/af-react-native (>=1.0.1 <=1.0.31), @akalli/components (=0.0.1) +146 more potentially affected by unknown CVE via @react-native-aria/combobox (=0.2.7)

@react-native-aria/combobox NPM version =0.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/combobox and may be impacted: - @aemforms/af-react-native =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.0.4, =4.0.2, =0.32.4,...

Malicious code in @gluestack-ui/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 17982e09dcf1a69caf714afad49b310371d80fe7260bf21fcad08da2a07df00c React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4787 Malicious code in @react-native-aria/separator (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c4f88a3038167bc7dfee653f5f7da062761079e770fccd80c28832842ac9c014 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4785 Malicious code in @react-native-aria/overlays (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b750f7d8494a011a02c4c74b8b68b56f54c51cb02b85cf9728c80cb1eef574e1 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.12), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +195 more potentially affected by unknown CVE via @react-native-aria/toggle (=0.2.11)

@react-native-aria/toggle NPM version =0.2.11 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/toggle and may be impacted: - @adaptui/react-native-tailwind =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2...

@malberee/heroui-native (>=1.1.11 <=1.1.12), @malberee/nextui-native (>=1.0.0 <=1.1.10) +3 more potentially affected by unknown CVE via @react-native-aria/switch (=0.2.4)

@react-native-aria/switch NPM version =0.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/switch and may be impacted: - @malberee/heroui-native =1.1.11, =1.0.0, =1.1.13, =3.0.0-next.23, =0.2.2, =0.2.3 Source cves: unknown CVE Sour...

@8sistemas/design-system (>=0.6.0 <=0.7.0), @adaptui/react-native-tailwind (>=1.0.0 <=1.0.0-alpha.13) +275 more potentially affected by unknown CVE via @react-native-aria/utils (>=0.2.10 <=0.2.12)

@react-native-aria/utils NPM version =0.2.10, =0.6.0, =1.0.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.5.0-alpha.2, =0.1.0-alpha2, =1.2.0, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-beta.8 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-4792...

@admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49), @aemforms/af-react-native (>=1.0.1 <=1.0.31) +188 more potentially affected by unknown CVE via @react-native-aria/slider (=0.2.12)

@react-native-aria/slider NPM version =0.2.12 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/slider and may be impacted: - @admin-layout/gluestack-ui-mobile =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0,...

MAL-2025-4792 Malicious code in @react-native-aria/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 86110b8ddeafc0fbfe05bcb49e82cc1047aca664d73928c3c12bac00f4ab4e7d React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4780 Malicious code in @react-native-aria/disclosure (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 257ffc8541490ada2a41d7f56aac16d0a9eb9c789be4858a9fb6243c31937ef6 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4791 Malicious code in @react-native-aria/toggle (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 97ba08618fb93f76ae71922e2a9212ad64a743b1bff038fb70c33753273cb245 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.12), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +193 more potentially affected by unknown CVE via @react-native-aria/checkbox (=0.2.10)

@react-native-aria/checkbox NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/checkbox and may be impacted: - @adaptui/react-native-tailwind =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0,...

MAL-2025-4778 Malicious code in @react-native-aria/checkbox (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ddc6ca13c84757389a8703ee553981d86519fdeca6112152dc3bf344c98ea337 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.12), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +254 more potentially affected by unknown CVE via @react-native-aria/interactions (>=0.2.11 <=0.2.16)

@react-native-aria/interactions NPM version =0.2.11, =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-beta.8 - @celcomdigi/test-sdk =1.0.0 - @criticalx7/zen-ts-expo-template =1.0.0 and more Source cves: unknown CVE Sour...

@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.8), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +190 more potentially affected by unknown CVE via @react-native-aria/radio (=0.2.13)

@react-native-aria/radio NPM version =0.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/radio and may be impacted: - @adaptui/react-native-tailwind =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2,...

@custom-lib/design-system (>=0.1.0 <=0.1.4) potentially affected by unknown CVE via @react-native-aria/separator (=0.2.6)

@react-native-aria/separator NPM version =0.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/separator and may be impacted: - @custom-lib/design-system =0.1.0, =0.1.4 Source cves: unknown CVE Source advisory: OSV:MAL-2025-4787...

@aemforms/af-react-native (>=1.0.1 <=1.0.31), @akalli/components (=0.0.1) +151 more potentially affected by unknown CVE via @react-native-aria/button (=0.2.10)

@react-native-aria/button NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/button and may be impacted: - @aemforms/af-react-native =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.1.0, =0.0.4, =4.0.2,...

@8sistemas/design-system (>=0.6.0 <=0.7.0), @adaptui/react-native-tailwind (>=1.0.0 <=1.0.0-alpha.13) +211 more potentially affected by unknown CVE via @react-native-aria/overlays (>=0.2.11 <=0.3.15)

@react-native-aria/overlays NPM version =0.2.11, =0.6.0, =1.0.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.5.0-alpha.2, =0.1.0-alpha2, =1.2.0, =0.1.0, =0.1.8 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-4785...