Major React Native Security Flaws Endanger Millions of Developers
A critical security vulnerability in the '@react-native-community/cli' npm package, affecting millions of developers, allowed remote attackers to execute arbitrary OS commands via the Metro development server. The flaw, tracked as CVE-2025-11953 with a CVSS score of 9.8, has been patched in version 20.0.0, highlighting the importance of security scanning in the software supply chain.