689 matches found
MAL-2025-31820 Malicious code in react-native-native-toast (npm)
The package react-native-native-toast was found to contain malicious code...
MAL-2025-21269 Malicious code in generator-accelerate-react-native (npm)
The package generator-accelerate-react-native was found to contain malicious code...
Malicious code in react-native-data-sdk (npm)
The package react-native-data-sdk was found to contain malicious code...
Malicious code in react-native-cmoponents (npm)
The package react-native-cmoponents was found to contain malicious code...
MAL-2025-31816 Malicious code in react-native-ezio-face-id-sdk (npm)
The package react-native-ezio-face-id-sdk was found to contain malicious code...
MAL-2025-31815 Malicious code in react-native-elemets (npm)
The package react-native-elemets was found to contain malicious code...
MAL-2025-31821 Malicious code in react-native-native-toast-library-2022 (npm)
The package react-native-native-toast-library-2022 was found to contain malicious code...
Malicious code in react-native-m49-area-picker-modal (npm)
The package react-native-m49-area-picker-modal was found to contain malicious code...
MAL-2025-6806 Malicious code in react-native-kraken-oauth (npm)
Source: ossf-package-analysis 6dd9f629078cdad7b927b9f85f1d8b3a5d381a6009e08c65eafca6272b20cbf2. The OpenSSF Package Analysis project identified 'react-native-kraken-oauth' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The...
CVE-2025-54594
react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to...
react-native-bottom-tabs security vulnerability
react-native-bottom-tabs is an open-source native bottom tabs library from Callstack Incubator. A security vulnerability exists in react-native-bottom-tabs version 0.9.2 and earlier, which stems from the improper use of the pull_request_target event trigger in the GitHub Actions workflow, and could lead t...
CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration
react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to...
CVE-2025-54594
React-native-bottom-tabs
PT-2025-32002
Name of the Vulnerable Software and Affected Versions: react-native-bottom-tabs versions 0.9.2 and earlier. Description: The react-native-bottom-tabs library improperly used the pull_request_target event trigger in the github/workflows/release-canary.yml GitHub Actions workflow. This allowed...
PT-2025-44787
Name of the Vulnerable Software and Affected Versions: React Native Community CLI versions 4.8.0 through 20.0.0-alpha.2. Description: The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint vulnerable to...