689 matches found

OSV
added 2025/11/24 1:40 p.m. · 1 views

MAL-2025-190712 Malicious code in @actbase/react-native-tiktok (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e30674f65fae1c8cebcf4d015086a943502402cc93f3559653c406c592a62366 The package @actbase/react-native-tiktok was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0 · References 4

EUVD
added 2025/11/24 1:39 p.m. · 2 views

EUVD-2025-198777

Malicious code in react-native-use-modal npm...

6.6 AI score
Exploits 0 · References 4

OSSF Malicious Packages
added 2025/11/24 1:39 p.m. · 3 views

Malicious code in react-native-use-modal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08891181ddf6d5d5a9b94c1742e17b2e3aaa9ed8fd8fdab8b22fbd163e86d6bf The package react-native-use-modal was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits 0 · References 4

OSV
added 2025/11/24 1:39 p.m. · 1 views

MAL-2025-190779 Malicious code in react-native-use-modal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08891181ddf6d5d5a9b94c1742e17b2e3aaa9ed8fd8fdab8b22fbd163e86d6bf The package react-native-use-modal was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0 · References 4

OSSF Malicious Packages
added 2025/11/24 1:38 p.m. · 5 views

Malicious code in @actbase/react-native-naver-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20b3259789ec3c0e90767b9f76d1f7d825f89fba1d5810692ec87ae4567f698e The package @actbase/react-native-naver-login was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits 0 · References 4

OSV
added 2025/11/24 1:38 p.m. · 2 views

MAL-2025-190711 Malicious code in @actbase/react-native-naver-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20b3259789ec3c0e90767b9f76d1f7d825f89fba1d5810692ec87ae4567f698e The package @actbase/react-native-naver-login was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0 · References 4

EUVD
added 2025/11/24 1:38 p.m. · 3 views

EUVD-2025-198780

Malicious code in @actbase/react-native-naver-login npm...

6.6 AI score
Exploits 0 · References 1

EUVD
added 2025/11/24 12:6 p.m. · 3 views

EUVD-2025-198632

Malicious code in posthog-react-native-session-replay npm...

6.6 AI score
Exploits 0 · References 4

OSV
added 2025/11/24 12:6 p.m. · 1 views

MAL-2025-190649 Malicious code in posthog-react-native-session-replay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2487b6f3e3f9f2ef47f2509033fe071b332f5035e1e01320482eea928ae8a120 The package posthog-react-native-session-replay was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0 · References 4

EUVD
added 2025/11/17 1:2 a.m. · 3 views

EUVD-2025-197747

Malicious code in react-native-animated-shine npm...

6.6 AI score
Exploits 0 · References 1

Snyk
added 2025/11/17 1:2 a.m. · 1 views

Malicious Package

Overview react-native-animated-shine is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS · 6.8 AI score
Exploits 0 · References 2

OSSF Malicious Packages
added 2025/11/17 1:2 a.m. · 3 views

Malicious code in react-native-animated-shine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5050403e37c46819e95b4473ce0825d3dfe40bf8b41941ecd666e9b5048ffb14 The package react-native-animated-shine was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits 0 · References 1

OSV
added 2025/11/17 1:2 a.m. · 1 views

MAL-2025-190510 Malicious code in react-native-animated-shine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5050403e37c46819e95b4473ce0825d3dfe40bf8b41941ecd666e9b5048ffb14 The package react-native-animated-shine was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0 · References 1

Veracode
added 2025/11/09 8:59 a.m. · 5 views

OS Command Injection

@react-native-community/cli is vulnerable to OS Command Injection. The vulnerability is due to an exposed endpoint that accepts attacker-controlled POST data and passes it to system execution paths without proper sanitization, which allows an unauthenticated network attacker to run arbitrary...

9.8 CVSS · 7.6 AI score · 0.2788 EPSS
Exploits 5 · References 13 · Affected Software 2

HackRead
added 2025/11/05 5:2 p.m. · 5 views

Severe React Native Flaw Exposes Developer Systems to Remote Attacks

JFrog researchers found a critical RCE vulnerability CVE-2025-11953 in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw...

9.8 CVSS · 7 AI score · 0.2788 EPSS
Exploits 5

RedhatCVE
added 2025/11/04 6:21 p.m. · 4 views

CVE-2025-11953

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8 CVSS · 7.6 AI score · 0.2788 EPSS
Exploits 5 · References 5

GithubExploit
added 2025/11/04 5:57 p.m. · 297 views

Exploit for CVE-2025-11953

React Native CLI Command Injection Demo CVE-2025-11953 ⚠...

9.8 CVSS · 8.6 AI score · 0.2788 EPSS
Exploits 5

The Hacker News
added 2025/11/04 2:24 p.m. · 8 views

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...

9.8 CVSS · 8.2 AI score · 0.2788 EPSS
Exploits 5

Github Security Blog
added 2025/11/03 6:31 p.m. · 8 views

@react-native-community/cli has arbitrary OS command injection

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8 CVSS · 8 AI score · 0.2788 EPSS
Exploits 5 · References 16 · Affected Software 2

OSV
added 2025/11/03 6:31 p.m. · 4 views

GHSA-399J-VXMF-HJVR @react-native-community/cli has arbitrary OS command injection

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8 CVSS · 8 AI score · 0.2788 EPSS
Exploits 5 · References 16