689 matches found
CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...
CVE-2023-24832
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execut...
CVE-2022-40138
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...
CVE-2021-24037
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
CVE-2021-24045
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...
CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
Malicious code in @dailyapy-rn/rn-push-provisioning (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in react-native-scrollpageviewtest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcee80fff21305590dcf04ace763231bdd81fcc2ef72bf8492ed79a60a17cd3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4284 Malicious code in react-native-scrollpageviewtest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcee80fff21305590dcf04ace763231bdd81fcc2ef72bf8492ed79a60a17cd3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3852 Malicious code in react-native-plugin-ms-adal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361e4c6581b21fde6eeab43c3e36a75bd051771efd939b92cd3f82fbee601f6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-plugin-ms-adal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361e4c6581b21fde6eeab43c3e36a75bd051771efd939b92cd3f82fbee601f6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @sporta-technology/rn-components.text-input (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in talsec-react-native-security-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68ab8661116d9ec30b2582ba0a9547684e8ad10024bae79f2b4094e5ea0937d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3262 Malicious code in talsec-react-native-security-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68ab8661116d9ec30b2582ba0a9547684e8ad10024bae79f2b4094e5ea0937d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in arkose-labs-react-native-example (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-2836 Malicious code in arkose-labs-react-native-example (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-1667 Malicious code in react-native-survicate (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bc16cb68d62d1ff95179e3f34e2afa8a62648c8cf9a10e9de12a9d1ec4e4abe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1663 Malicious code in react-native-windows-repo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c894e9ec1df07b7a9631c7a3fff0940b131f370c1e5c3d1846b7ff2398076e59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-windows-repo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c894e9ec1df07b7a9631c7a3fff0940b131f370c1e5c3d1846b7ff2398076e59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...