689 matches found
Malicious Package
Overview @vietmoney/react-native-vnpay-merchant is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
EUVD-2025-205927
Malicious code in @vietmoney/react-native-vnpay-merchant npm...
Malicious code in @vietmoney/react-native-action-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df1a9f2c1ef7c8dd8ece133048315f8ab738a4d5d8bf1a11dbe5f932d39e2eca The package @vietmoney/react-native-action-button was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-205932
Malicious code in @vietmoney/react-native-tags-input npm...
EUVD-2025-205933
Malicious code in @vietmoney/react-native-smart-page npm...
Malicious Package
Overview twilio-voice-react-native-reference-server is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview next is a react framework. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP request to a vulnerable Server Function...
@actbase/react-native-kakao-channel contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
@actbase/react-native-tiktok contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
@actbase/react-native-fast-image contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
@actbase/react-native-actionsheet contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
EUVD-2025-199104
Malicious code in react-native-jam-icons npm...
MAL-2025-191144 Malicious code in react-native-jam-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4651dd576f405b8b0d0fd7724638dce527ed7cec18cdfc20e4b49f5cc3f9006d The package react-native-jam-icons was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-native-jam-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4651dd576f405b8b0d0fd7724638dce527ed7cec18cdfc20e4b49f5cc3f9006d The package react-native-jam-icons was found to contain malicious code. Source: ghsa-malware...
react-native-modest-storage (=2.0.0) potentially affected by unknown CVE via @tiaanduplessis/json (=2.0.1)
@tiaanduplessis/json NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @tiaanduplessis/json and may be impacted: - react-native-modest-storage =2.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191056...
EUVD-2025-199048
Malicious code in react-native-datepicker-modal npm...
Malicious code in react-native-datepicker-modal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86014f2b55c2d58c217fd51ebbffc71cbc86fad9b13d443647f1cb11c19c7ade The package react-native-datepicker-modal was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199047
Malicious code in react-native-email npm...
Malicious code in react-native-email (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 685a2ceb0fc4b3de8462a07c55626285d47bbb72612a7feac2582a7dbfc2a606 The package react-native-email was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190996 Malicious code in react-native-email (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 685a2ceb0fc4b3de8462a07c55626285d47bbb72612a7feac2582a7dbfc2a606 The package react-native-email was found to contain malicious code. Source: ghsa-malware...