4915 matches found
CVE-2022-40138
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...
CVE-2021-32622
Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...
CVE-2021-24037
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
CVE-2021-21320
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...
CVE-2021-41176
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...
CVE-2021-24045
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...
CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
MAL-2025-4158 Malicious code in @rf-ui-platform/react-ui-components (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-4157 Malicious code in @rf-auth/rf-auth-react (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @dailyapy-rn/rn-push-provisioning (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-4284 Malicious code in react-native-scrollpageviewtest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcee80fff21305590dcf04ace763231bdd81fcc2ef72bf8492ed79a60a17cd3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-scrollpageviewtest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcee80fff21305590dcf04ace763231bdd81fcc2ef72bf8492ed79a60a17cd3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-youtube-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 930546883aa218e28dc95d9e402e8af0737df76f72952337c765ce73ae6fab8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4116 Malicious code in react-youtube-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 930546883aa218e28dc95d9e402e8af0737df76f72952337c765ce73ae6fab8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3865 Malicious code in mfe-react-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7835d0f6b232544302030371ac74d4c595860a04736a2ef54259a32993f9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mfe-react-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7835d0f6b232544302030371ac74d4c595860a04736a2ef54259a32993f9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3914 Malicious code in react-mount-point-unstable (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a12f68daa4bc6ad2efd656ef3b93ae79f1783de0c3591c171aab5b331b1be2d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bui-react-10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7efb9896b372501d00ef7c23655b29a8eed7ffe274410cb4d2748ec4aa96eda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-mount-point-unstable (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a12f68daa4bc6ad2efd656ef3b93ae79f1783de0c3591c171aab5b331b1be2d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...