4881 matches found
@adaptui/react-native-tailwind (>=1.0.0-alpha.0 <=1.0.0-alpha.8), @admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49) +190 more potentially affected by unknown CVE via @react-native-aria/radio (=0.2.13)
@react-native-aria/radio NPM version =0.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/radio and may be impacted: - @adaptui/react-native-tailwind =1.0.0-alpha.0, =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2,...
@custom-lib/design-system (>=0.1.0 <=0.1.4) potentially affected by unknown CVE via @react-native-aria/separator (=0.2.6)
@react-native-aria/separator NPM version =0.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/separator and may be impacted: - @custom-lib/design-system =0.1.0, =0.1.4 Source cves: unknown CVE Source advisory: OSV:MAL-2025-4787...
@aemforms/af-react-native (>=1.0.1 <=1.0.31), @akalli/components (=0.0.1) +151 more potentially affected by unknown CVE via @react-native-aria/button (=0.2.10)
@react-native-aria/button NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/button and may be impacted: - @aemforms/af-react-native =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0, =0.1.0, =0.0.4, =4.0.2,...
MAL-2025-4776 Malicious code in @gluestack-ui/utils (npm)
Source: google-open-source-security (17982e09dcf1a69caf714afad49b310371d80fe7260bf21fcad08da2a07df00c). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
MAL-2025-4778 Malicious code in @react-native-aria/checkbox (npm)
Source: google-open-source-security (ddc6ca13c84757389a8703ee553981d86519fdeca6112152dc3bf344c98ea337). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
MAL-2025-4779 Malicious code in @react-native-aria/combobox (npm)
Source: google-open-source-security (1ac997eb7889bb6aa988bf49e9beb198eb49629764c6fff1ac19cd4e8118b600). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
MAL-2025-4871 Malicious code in react-intlist (npm)
Source: ghsa-malware (d68da68127cdae55b189751f3d17a5882f56394b012d93fc26e35c36fe6aa456). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-intlist (npm)
Source: ghsa-malware (d68da68127cdae55b189751f3d17a5882f56394b012d93fc26e35c36fe6aa456). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-query-persist (npm)
Source: ghsa-malware (510db02a90f329eb7d168ccd3c9ae2f89d81e24f4dae93823b0b1fdac4bf2256). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4874 Malicious code in react-query-persist (npm)
Source: ghsa-malware (510db02a90f329eb7d168ccd3c9ae2f89d81e24f4dae93823b0b1fdac4bf2256). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-atob (npm)
Source: ghsa-malware (4b91f4867862f09ae93e8c5413e74fc6e717d421419c933ef721bf15df14c6e5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4873 Malicious code in react-native-atob (npm)
Source: ghsa-malware (4b91f4867862f09ae93e8c5413e74fc6e717d421419c933ef721bf15df14c6e5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-logs (npm)
Source: ghsa-malware (ea18e81b4f8dd9695b27d71a047d0e8f2e6c2bb52dcd1b3b3f19cde0391c2fa5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in meteor-react-component (npm)
Source: ghsa-malware (10edb5e94e2b6aede51af9b2525726341571187cb32e9a56e9b86639c7130341). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4852 Malicious code in meteor-react-component (npm)
Source: ghsa-malware (10edb5e94e2b6aede51af9b2525726341571187cb32e9a56e9b86639c7130341). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-server-dom-fb (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (3de60ce6ee796258f00f8278b01f38d42a0db62601e38791bd2ab9a1b20cbdeb). Any computer that has this package installed or running should be considered...
MAL-2025-4762 Malicious code in react-server-dom-fb (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (3de60ce6ee796258f00f8278b01f38d42a0db62601e38791bd2ab9a1b20cbdeb). Any computer that has this package installed or running should be considered...
GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability
A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...
@agreejs/cli (>=0.0.1 <=3.2.43), @agreejs/rn-runner (>=3.2.1 <=3.2.15) +98 more potentially affected by CVE-2025-5896 via taro-css-to-react-native (>=1.3.0-beta.1 <=4.1.2-alpha.2)
taro-css-to-react-native NPM version =1.3.0-beta.1, =0.0.1, =3.2.1, =3.2.1, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0, =1.1.5, =1.0.0, =1.3.2 - @c-art/convert-cli =1.1.0 - @d-bigfish/cli =1.0.14 - @d1m-atom/taro-vue-cli =1.0.5 and more Source cves: CVE-2025-5896 Source advisory:...
GHSA-FJ44-H6XW-896G react-native-keys insecurely stores encryption cipher and Base64 chunks
react-native-keys 0.7.11 is vulnerable to remote sensitive information disclosure because the encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...