
4915 matches found

OSV
added 2025/06/10 6:36 a.m., 4 views

MAL-2025-4781 Malicious code in @react-native-aria/focus (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security f417c0ca8632369f18fa208f418b61b3150122f048ba95cbf4b0ab78dc4f20c2 React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...

7.5 AI score
Exploits 0, References 2
OSSF Malicious Packages
added 2025/06/10 4:12 a.m., 4 views

Malicious code in react-intlist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d68da68127cdae55b189751f3d17a5882f56394b012d93fc26e35c36fe6aa456 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 3
OSV
added 2025/06/10 4:12 a.m., 3 views

MAL-2025-4871 Malicious code in react-intlist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d68da68127cdae55b189751f3d17a5882f56394b012d93fc26e35c36fe6aa456 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 3
OSSF Malicious Packages
added 2025/06/10 3:32 a.m., 5 views

Malicious code in react-query-persist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 510db02a90f329eb7d168ccd3c9ae2f89d81e24f4dae93823b0b1fdac4bf2256 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 3
OSV
added 2025/06/10 3:32 a.m., 5 views

MAL-2025-4874 Malicious code in react-query-persist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 510db02a90f329eb7d168ccd3c9ae2f89d81e24f4dae93823b0b1fdac4bf2256 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 3
OSSF Malicious Packages
added 2025/06/10 3:31 a.m., 4 views

Malicious code in react-native-atob (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b91f4867862f09ae93e8c5413e74fc6e717d421419c933ef721bf15df14c6e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 3
OSV
added 2025/06/10 3:31 a.m., 6 views

MAL-2025-4873 Malicious code in react-native-atob (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b91f4867862f09ae93e8c5413e74fc6e717d421419c933ef721bf15df14c6e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 3
OSSF Malicious Packages
added 2025/06/10 3:19 a.m., 4 views

Malicious code in react-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea18e81b4f8dd9695b27d71a047d0e8f2e6c2bb52dcd1b3b3f19cde0391c2fa5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2025/06/10 3:15 a.m., 4 views

Malicious code in meteor-react-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10edb5e94e2b6aede51af9b2525726341571187cb32e9a56e9b86639c7130341 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 3
OSV
added 2025/06/10 3:15 a.m., 4 views

MAL-2025-4852 Malicious code in meteor-react-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10edb5e94e2b6aede51af9b2525726341571187cb32e9a56e9b86639c7130341 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 3
OSSF Malicious Packages
added 2025/06/09 10:10 p.m., 4 views

Malicious code in react-server-dom-fb (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3de60ce6ee796258f00f8278b01f38d42a0db62601e38791bd2ab9a1b20cbdeb Any computer that has this package installed or running should be considered...

6.8 AI score
Exploits 0, References 1
OSV
added 2025/06/09 10:10 p.m., 3 views

MAL-2025-4762 Malicious code in react-server-dom-fb (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3de60ce6ee796258f00f8278b01f38d42a0db62601e38791bd2ab9a1b20cbdeb Any computer that has this package installed or running should be considered...

6.8 AI score
Exploits 0, References 1
vulnersOsv
added 2025/06/09 9:30 p.m., 7 views

@agreejs/cli (>=0.0.1 <=3.2.43), @agreejs/rn-runner (>=3.2.1 <=3.2.15) +98 more potentially affected by CVE-2025-5896 via taro-css-to-react-native (>=1.3.0-beta.1 <=4.1.2-alpha.2)

taro-css-to-react-native NPM version =1.3.0-beta.1, =0.0.1, =3.2.1, =3.2.1, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0, =1.1.5, =1.0.0, =1.3.2 - @c-art/convert-cli =1.1.0 - @d-bigfish/cli =1.0.14 - @d1m-atom/taro-vue-cli =1.0.5 and more Source cves: CVE-2025-5896 Source advisory:...

7.5 CVSS, 5.8 AI score, 0.00502 EPSS
Exploits 1
OSV
added 2025/06/09 9:30 p.m., 3 views

GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

5.3 CVSS, 4.8 AI score, 0.00502 EPSS
Exploits 1, References 8
OSV
added 2025/06/09 6:32 p.m., 3 views

GHSA-FJ44-H6XW-896G react-native-keys insecurely stores encryption cipher and Base64 chunks

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure remote as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...

7.5 CVSS, 5.5 AI score, 0.0017 EPSS
Exploits 1, References 4
NVD
added 2025/06/09 5:15 p.m., 10 views

CVE-2025-45001

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure remote as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...

7.5 CVSS, 0.0017 EPSS
Exploits 1, References 2
OSV
added 2025/06/09 5:15 p.m., 4 views

CVE-2025-45001

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure remote as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...

7.5 CVSS, 6.4 AI score, 0.0017 EPSS
Exploits 1, References 2
CNNVD
added 2025/06/09 12:0 a.m., 3 views

NervJS taro security vulnerability

NervJS taro is an open cross-end cross-framework solution open-sourced by NervJS. A security vulnerability exists in NervJS taro version 4.1.1 and earlier, which stems from an incorrect manipulation of the file taro/packages/css-to-react-native/src/index.js resulting in inefficient regular...

7.5 CVSS, 4.7 AI score, 0.00502 EPSS
Exploits 1, References 7
CVE
added 2025/06/09 12:0 a.m., 58 views

CVE-2025-45001

CVE-2025-45001 affects react-native-keys 0.7.11. The issue is that encryption cipher data and Base64 chunks are stored as plaintext in the compiled native binary, enabling leakage of secrets through basic static analysis. Documents consistently describe this as a remote information-disclosure vul...

7.5 CVSS, 6.4 AI score, 0.0017 EPSS
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2025/06/09 12:0 a.m., 3 views

CVE-2025-45001

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure remote as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...

6.4 AI score, 0.0017 EPSS
Exploits 1, References 2