MAL-2025-4787 Malicious code in @react-native-aria/separator (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c4f88a3038167bc7dfee653f5f7da062761079e770fccd80c28832842ac9c014 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4785 Malicious code in @react-native-aria/overlays (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b750f7d8494a011a02c4c74b8b68b56f54c51cb02b85cf9728c80cb1eef574e1 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

@admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49), @aemforms/af-react-native (>=1.0.1 <=1.0.31) +188 more potentially affected by unknown CVE via @react-native-aria/slider (=0.2.12)

@react-native-aria/slider NPM version =0.2.12 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/slider and may be impacted: - @admin-layout/gluestack-ui-mobile =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0,...

MAL-2025-4791 Malicious code in @react-native-aria/toggle (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 97ba08618fb93f76ae71922e2a9212ad64a743b1bff038fb70c33753273cb245 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4792 Malicious code in @react-native-aria/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 86110b8ddeafc0fbfe05bcb49e82cc1047aca664d73928c3c12bac00f4ab4e7d React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4782 Malicious code in @react-native-aria/interactions (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 0ebff3f8886f25a3adc58387ba0a97c3768c3c88e8f4c09d8562b92b0fdbbd7f React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4780 Malicious code in @react-native-aria/disclosure (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 257ffc8541490ada2a41d7f56aac16d0a9eb9c789be4858a9fb6243c31937ef6 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4788 Malicious code in @react-native-aria/slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3e5580844fc6f63010dfda70e7d9c4cebd2672099bb2d66c49ebbe671f511ba1 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.12), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +193 more potentially affected by unknown CVE via @react-native-aria/checkbox (=0.2.10)

@react-native-aria/checkbox NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/checkbox and may be impacted: - @adaptui/react-native-tailwind =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0,...

MAL-2025-4790 Malicious code in @react-native-aria/tabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9b37ef96f1f4f67e95f3c2e425a1e3ec62db2db5ef00217c25bf38990a69ec28 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4786 Malicious code in @react-native-aria/radio (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b98adedbfc9e23f5ef035b1fd6980aa12fd3724f01d871eae73a3398fefe89a3 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4783 Malicious code in @react-native-aria/listbox (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 7483620e07f1df855fba9750b8b752f9ec4ce35723c1920562bc7c2f86cf2c6d React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4784 Malicious code in @react-native-aria/menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8890be818fee58f3ddcfc7238753e75234d4f0d165160e786b299d128172ff69 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

MAL-2025-4781 Malicious code in @react-native-aria/focus (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security f417c0ca8632369f18fa208f418b61b3150122f048ba95cbf4b0ab78dc4f20c2 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.12), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +254 more potentially affected by unknown CVE via @react-native-aria/interactions (>=0.2.11 <=0.2.16)

@react-native-aria/interactions NPM version =0.2.11, =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-beta.8 - @celcomdigi/test-sdk =1.0.0 - @criticalx7/zen-ts-expo-template =1.0.0 and more Source cves: unknown CVE Sour...

@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.8), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +190 more potentially affected by unknown CVE via @react-native-aria/radio (=0.2.13)

@react-native-aria/radio NPM version =0.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/radio and may be impacted: - @adaptui/react-native-tailwind =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2,...

@custom-lib/design-system (>=0.1.0 <=0.1.4) potentially affected by unknown CVE via @react-native-aria/separator (=0.2.6)

@react-native-aria/separator NPM version =0.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/separator and may be impacted: - @custom-lib/design-system =0.1.0, =0.1.4 Source cves: unknown CVE Source advisory: OSV:MAL-2025-4787...

@aemforms/af-react-native (>=1.0.1 <=1.0.31), @akalli/components (=0.0.1) +151 more potentially affected by unknown CVE via @react-native-aria/button (=0.2.10)

@react-native-aria/button NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/button and may be impacted: - @aemforms/af-react-native =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.1.0, =0.0.4, =4.0.2,...

@8sistemas/design-system (>=0.6.0 <=0.7.0), @adaptui/react-native-tailwind (>=1.0.0 <=1.0.0-alpha.13) +211 more potentially affected by unknown CVE via @react-native-aria/overlays (>=0.2.11 <=0.3.15)

@react-native-aria/overlays NPM version =0.2.11, =0.6.0, =1.0.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.5.0-alpha.2, =0.1.0-alpha2, =1.2.0, =0.1.0, =0.1.8 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-4785...

MAL-2025-4779 Malicious code in @react-native-aria/combobox (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1ac997eb7889bb6aa988bf49e9beb198eb49629764c6fff1ac19cd4e8118b600 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...