VulnerableCode Package Details - pkg:npm/react-native-webview@5.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-zv9w-wnfw-5ue5 Aliases: CVE-2020-6506 GHSA-36j3-xxf7-4pqg	Android WebView Universal Cross-site Scripting A universal cross-site scripting (UXSS) vulnerability, CVE-2020-6506 (https://crbug.com/1083819), has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps which use a `react-native-webview` that allows navigation to arbitrary URLs, and when that app runs on systems with an Android WebView version prior to 83.0.4103.106. ## Pending mitigation Ensure users update their Android WebView system component via the Google Play Store to 83.0.4103.106 or higher to avoid this UXSS. 'react-native-webview' is working on a mitigation but it could take some time. ### References https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/	11.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-zv9w-wnfw-5ue5
Aliases:
CVE-2020-6506
GHSA-36j3-xxf7-4pqg

Android WebView Universal Cross-site Scripting A universal cross-site scripting (UXSS) vulnerability, CVE-2020-6506 (https://crbug.com/1083819), has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps which use a `react-native-webview` that allows navigation to arbitrary URLs, and when that app runs on systems with an Android WebView version prior to 83.0.4103.106. ## Pending mitigation Ensure users update their Android WebView system component via the Google Play Store to 83.0.4103.106 or higher to avoid this UXSS. 'react-native-webview' is working on a mitigation but it could take some time. ### References https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/

11.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:12:40.232896+00:00	GitLab Importer	Affected by	VCID-zv9w-wnfw-5ue5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/react-native-webview/CVE-2020-6506.yml	38.4.0
2026-04-11T22:24:39.882336+00:00	GitLab Importer	Affected by	VCID-zv9w-wnfw-5ue5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/react-native-webview/CVE-2020-6506.yml	38.3.0
2026-04-02T22:36:32.995213+00:00	GitLab Importer	Affected by	VCID-zv9w-wnfw-5ue5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/react-native-webview/CVE-2020-6506.yml	38.1.0
2026-04-01T16:53:48.133987+00:00	GitLab Importer	Affected by	VCID-zv9w-wnfw-5ue5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/react-native-webview/CVE-2020-6506.yml	38.0.0