CVE-2025-45001

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure remote as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...

CVE-2025-45001

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure remote as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...

NervJS taro 安全漏洞

NervJS taro is an open cross-end cross-framework solution open-sourced by NervJS. A security vulnerability exists in NervJS taro version 4.1.1 and earlier, which stems from an incorrect manipulation of the file taro/packages/css-to-react-native/src/index.js resulting in inefficient regular...

CVE-2025-45001

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure remote as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...

npm react-native-keys 安全漏洞

npm react-native-keys is a mobile environment variable security library from US-based npm. A security vulnerability exists in npm react-native-keys version 0.7.11, which stems from encrypted passwords and Base64 blocks being stored in plaintext in compiled native binaries, potentially leading to...

CVE-2025-45001

CVE-2025-45001 affects react-native-keys 0.7.11. The issue is that encryption cipher data and Base64 chunks are stored as plaintext in the compiled native binary, enabling leakage of secrets through basic static analysis. Documents consistently describe this as a remote information-disclosure vul...

PT-2025-24542 · Unknown · React-Native-Keys

Name of the Vulnerable Software and Affected Versions: react-native-keys version 0.7.11 Description: The issue concerns sensitive information disclosure, where encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basi...

MAL-2025-4767 Malicious code in tcp-app-activation-react (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a8b8acee879d06b50ea282023a2896ab53ab591f61f99513e23bc3a582e3bc1d Any computer that has this package installed or running should be considered...

Malicious code in basic-with-react-hooks (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7efadad57bdbe52801b9d31e36cd5cd4678d838d46d71c95ab940aee65a12bc Any computer that has this package installed or running should be considered...

MAL-2025-4612 Malicious code in react-native-google-acm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3987a453bfe3f7164232221b3a1a0f9c3c182a6581cf7a9241f4fbb7e77af649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @fronteg/react (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a00cbd466b7c4e34b73a25864bfbbf1d649af40b160cff27b859d85074a74fd7 Any computer that has this package installed or running should be considered...

MAL-2025-4497 Malicious code in react-blockchain-checker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3d5628d888e7c28f26a71142f402b8ad017dacabad04cbf0a71ac4c43223f46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-blockchain-checker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3d5628d888e7c28f26a71142f402b8ad017dacabad04cbf0a71ac4c43223f46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react_code_format (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361ad03064f5e32012ed273f2a774a1528ef81284235b9757bb2947671dff09b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @abacusmirror/react-fontawesome (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-4537 Malicious code in @abacusmirror/react-fontawesome (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-4576 Malicious code in react-native-xaml-repo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d64cdbdbf3b2ec9cf523f3b4b0b787c947b6c50c2d4d42bf96c13cd906d84c9f Any computer that has this package installed or running should be considered...

Malicious code in react-native-xaml-repo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d64cdbdbf3b2ec9cf523f3b4b0b787c947b6c50c2d4d42bf96c13cd906d84c9f Any computer that has this package installed or running should be considered...

MAL-2025-4579 Malicious code in skipthedishes_react (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in @mse-entitlement-sdk/react (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 995ec6e409e21dfda12726e0ffbf16d84fc04fda1705805e0ee90fe4e1b23f69 Any computer that has this package installed or running should be considered...