Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/react-native-webview@11.0.0
purl pkg:npm/react-native-webview@11.0.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-zv9w-wnfw-5ue5 Android WebView Universal Cross-site Scripting A universal cross-site scripting (UXSS) vulnerability, CVE-2020-6506 (https://crbug.com/1083819), has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps which use a `react-native-webview` that allows navigation to arbitrary URLs, and when that app runs on systems with an Android WebView version prior to 83.0.4103.106. ## Pending mitigation Ensure users update their Android WebView system component via the Google Play Store to 83.0.4103.106 or higher to avoid this UXSS. 'react-native-webview' is working on a mitigation but it could take some time. ### References https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/ CVE-2020-6506
GHSA-36j3-xxf7-4pqg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T12:37:32.739749+00:00 GitLab Importer Fixing VCID-zv9w-wnfw-5ue5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/react-native-webview/CVE-2020-6506.yml 38.0.0
2026-04-01T15:58:54.067422+00:00 GHSA Importer Fixing VCID-zv9w-wnfw-5ue5 https://github.com/advisories/GHSA-36j3-xxf7-4pqg 38.0.0
2026-04-01T12:59:26.144017+00:00 GithubOSV Importer Fixing VCID-zv9w-wnfw-5ue5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-36j3-xxf7-4pqg/GHSA-36j3-xxf7-4pqg.json 38.0.0