react-native-bottom-tabs 安全漏洞

react-native-bottom-tabs is the native bottom tabs of a Callstack Incubator open source. A security vulnerability exists in react-native-bottom-tabs version 0.9.2 and earlier, which stems from the improper use of the pullrequesttarget event trigger in the GitHub Actions workflow, and could lead t...

CVE-2025-54594

React-native-bottom-tabs

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

PT-2025-31972 · Unknown · Writebot Ai Content Generator Saas React Template

Name of the Vulnerable Software and Affected Versions: Writebot AI Content Generator SaaS React Template versions through 4.0.0 Description: A file upload issue exists in Writebot AI Content Generator SaaS React Template. Remote attackers can exploit this to gain escalated privileges by submittin...

PT-2025-32002

Name of the Vulnerable Software and Affected Versions: react-native-bottom-tabs versions 0.9.2 and earlier Description: The react-native-bottom-tabs library improperly used the pull request target event trigger in the github/workflows/release-canary.yml GitHub Actions workflow. This allowed...

PT-2025-44787

Name of the Vulnerable Software and Affected Versions React Native Community CLI versions 4.8.0 through 20.0.0-alpha.2 Description The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint vulnerable to...

Malicious code in react-is-router (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-6651 Malicious code in react-is-router (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in react-native-gainsight-px (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-6755 Malicious code in react-native-gainsight-px (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in react-icon-maker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46dc16e0765ddb06bcc46c49b58deba17ff9d4fce6cc5b65ebba0f617cf44fed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-qrcode-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7415d66ef3e5a6e0067c5808f2f7929a2e7ec2b74003252747a89dfe7341b50b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-icon-maker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview react-qrcode-icon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-6371 Malicious code in react-qrcode-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7415d66ef3e5a6e0067c5808f2f7929a2e7ec2b74003252747a89dfe7341b50b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6370 Malicious code in react-icon-maker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46dc16e0765ddb06bcc46c49b58deba17ff9d4fce6cc5b65ebba0f617cf44fed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-redux-stylizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a197696811f0bf0075aceaf1c780dc72528144a4fa028d9dabdc7f6999144f42 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-redux-stylizer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...