689 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@digifox/providers (=5.0.3), @wowpay/react-native-sdk (>=1.0.3 <=1.0.21) +3 more potentially affected by unknown CVE via react-native-websocket (=1.0.2)
react-native-websocket NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-websocket and may be impacted: - @digifox/providers =5.0.3 - @wowpay/react-native-sdk =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@jbrowse/core (>=1.4.0 <=1.7.3), @persistr/js (>=3.6.3 <=3.14.0) +5 more potentially affected by unknown CVE via tenacious-fetch (=2.3.1)
tenacious-fetch NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tenacious-fetch and may be impacted: - @jbrowse/core =1.4.0, =3.6.3, =1.0.5, =1.0.0, =1.2.0 Source cves: unknown CVE Source advisory: SNYK:JS-TENACIOUSFETCH-14103737...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
module-mobile-js (>=1.3.8 <=1.4.0), react-native-iris-sdk (>=3.3.16 <=3.3.31) potentially affected by unknown CVE via react-native-log-level (=1.2.0)
react-native-log-level NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-log-level and may be impacted: - module-mobile-js =1.3.8, =3.3.16, =3.3.31 Source cves: unknown CVE Source advisory:...
react-native-junsible (>=0.0.1 <=0.0.7) potentially affected by unknown CVE via react-native-email (=2.1.0)
react-native-email NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-email and may be impacted: - react-native-junsible =0.0.1, =0.0.7 Source cves: unknown CVE Source advisory: SNYK:JS-REACTNATIVEEMAIL-14103701...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in react-native-worklet-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed2ae3214c7915580ec4f119fc2fc1ee0e071e2deea48ef419973982180aa9c The package react-native-worklet-functions was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190857 Malicious code in react-native-worklet-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed2ae3214c7915580ec4f119fc2fc1ee0e071e2deea48ef419973982180aa9c The package react-native-worklet-functions was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198819
Malicious code in react-native-worklet-functions npm...
MAL-2025-190793 Malicious code in @actbase/react-native-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6903aaa72b2c62de00654968d7729b4fd07bfa78bf68f14c1ee924f6c5dde9c2 The package @actbase/react-native-devtools was found to contain malicious code. Source: ghsa-malware...
Malicious code in @actbase/react-native-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6903aaa72b2c62de00654968d7729b4fd07bfa78bf68f14c1ee924f6c5dde9c2 The package @actbase/react-native-devtools was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198885
Malicious code in @actbase/react-native-devtools npm...
Malicious code in @strapbuild/react-native-date-time-picker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5a0237f0f0916f69a132f28afefe58f6c681c43c8dd6d3ca62ae2a3c2d6af45 The package @strapbuild/react-native-date-time-picker was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198852
Malicious code in @strapbuild/react-native-date-time-picker npm...
EUVD-2025-198883
Malicious code in @actbase/react-native-kakao-channel npm...
MAL-2025-190794 Malicious code in @actbase/react-native-kakao-channel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65c6154361619c2c8153e5a3035c559aafef406bd969d3178a240e0ed19d0a9a The package @actbase/react-native-kakao-channel was found to contain malicious code. Source: ghsa-malware...