4915 matches found
PT-2025-24542 · Unknown · React-Native-Keys
Name of the Vulnerable Software and Affected Versions: react-native-keys version 0.7.11 Description: The issue concerns sensitive information disclosure, where encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basi...
npm react-native-keys 安全漏洞
npm react-native-keys is a mobile environment variable security library from US-based npm. A security vulnerability exists in npm react-native-keys version 0.7.11, which stems from encrypted passwords and Base64 blocks being stored in plaintext in compiled native binaries, potentially leading to...
MAL-2025-4767 Malicious code in tcp-app-activation-react (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a8b8acee879d06b50ea282023a2896ab53ab591f61f99513e23bc3a582e3bc1d Any computer that has this package installed or running should be considered...
Malicious code in basic-with-react-hooks (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7efadad57bdbe52801b9d31e36cd5cd4678d838d46d71c95ab940aee65a12bc Any computer that has this package installed or running should be considered...
MAL-2025-4612 Malicious code in react-native-google-acm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3987a453bfe3f7164232221b3a1a0f9c3c182a6581cf7a9241f4fbb7e77af649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @fronteg/react (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a00cbd466b7c4e34b73a25864bfbbf1d649af40b160cff27b859d85074a74fd7 Any computer that has this package installed or running should be considered...
Malicious code in react-blockchain-checker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3d5628d888e7c28f26a71142f402b8ad017dacabad04cbf0a71ac4c43223f46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4497 Malicious code in react-blockchain-checker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3d5628d888e7c28f26a71142f402b8ad017dacabad04cbf0a71ac4c43223f46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react_code_format (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361ad03064f5e32012ed273f2a774a1528ef81284235b9757bb2947671dff09b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @abacusmirror/react-fontawesome (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-4537 Malicious code in @abacusmirror/react-fontawesome (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in react-native-xaml-repo (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d64cdbdbf3b2ec9cf523f3b4b0b787c947b6c50c2d4d42bf96c13cd906d84c9f Any computer that has this package installed or running should be considered...
MAL-2025-4576 Malicious code in react-native-xaml-repo (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d64cdbdbf3b2ec9cf523f3b4b0b787c947b6c50c2d4d42bf96c13cd906d84c9f Any computer that has this package installed or running should be considered...
MAL-2025-4579 Malicious code in skipthedishes_react (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @mse-entitlement-sdk/react (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 995ec6e409e21dfda12726e0ffbf16d84fc04fda1705805e0ee90fe4e1b23f69 Any computer that has this package installed or running should be considered...
Malicious code in @fms-common-biz/basic-react (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-4540 Malicious code in @fms-common-biz/basic-react (npm)
The package communicates with a domain associated with malicious activity...
CVE-2024-47824
matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that roo...
CVE-2024-21668
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2024-51749
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...