689 matches found
React Native Community CLI remote command execution
Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...
React Native Community CLI remote command execution
Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnChecksaid it first observed exploitation of CVE-2025-11953 aka Metro4Shell on December 21, 2025. With a...
Malicious code in react-native-expofp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...
MAL-2026-647 Malicious code in react-native-expofp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4359b8fd752707d568aa82cc795ecb3a73be0444e93f02795686a048bc2de8a1 The package react-native-expofp was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview react-native-expofp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview react-native-webview-forked is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in react-native-webview-forked (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48574c96ad66df5527d36dccb8f8c425b244bb90c2ac49491618968865ccd7da The package react-native-webview-forked was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-3258
Malicious code in react-native-webview-forked npm...
MAL-2026-348 Malicious code in react-native-webview-forked (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48574c96ad66df5527d36dccb8f8c425b244bb90c2ac49491618968865ccd7da The package react-native-webview-forked was found to contain malicious code. Source: ghsa-malware...
Exploit for CVE-2025-11953
CVE-2025-11953 - React Native CLI RCE Research Environment !...
CVE-2023-25933
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...
CVE-2019-12164
ubuntu-server.js in Status React Native Desktop before v0.57.8mobileui allows Remote Code Execution...
Malicious code in react-native-kyc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d1ae391e8ec2bcc50f5d507ae3566a122058f2d3aa4227b5abf64ecc43990a The package react-native-kyc was found to contain malicious code. Source: ghsa-malware b07a2ced47f073e338b59c9aed3d551f9e8acbbe7c1e02102b7a9c8fb37250...
EUVD-2026-1122
Malicious code in react-native-kyc npm...
MAL-2026-78 Malicious code in react-native-kyc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d1ae391e8ec2bcc50f5d507ae3566a122058f2d3aa4227b5abf64ecc43990a The package react-native-kyc was found to contain malicious code. Source: ghsa-malware b07a2ced47f073e338b59c9aed3d551f9e8acbbe7c1e02102b7a9c8fb37250...
Malicious Package
Overview react-native-kyc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @vietmoney/react-native-smart-page (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7789664c2f8f3999c2d9294a538cac5a4ae536b37159d9246a6aa2ac4e2c0b3f The package @vietmoney/react-native-smart-page was found to contain malicious code. Source: ghsa-malware...
MAL-2025-193001 Malicious code in @vietmoney/react-native-true-id (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96077b211aad35cef450b272ea27d6ef00276ecef718afa31ecb225b43d0b60e The package @vietmoney/react-native-true-id was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-205934
Malicious code in @vietmoney/react-native-image-transformer npm...