15 matches found
@amazeelabs/bridge-waku (>=1.1.0 <=2.0.1), @amazeelabs/executors (>=3.0.0 <=3.1.14) +50 more potentially affected by CVE-2025-55184 +1 more via react-server-dom-webpack (>=19.0.0-canary-36e62c603-20240418 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0-canary-36e62c603-20240418, =1.1.0, =3.0.0, =1.1.0, =1.1.0, =1.0.0-canary.12245, =0.9.1-next.19, =1.0.0-canary.12245, =0.9.1-next.19, =1.0.0-canary.12245, =1.0.0-canary.12245, =1.0.0-canary.12245, =0.9.1-next.19, =1.0.0-canary.12245, =1.0.0-canary.12245...
Allocation of Resources Without Limits or Throttling
Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...
@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2025-55184 +1 more via react-server-dom-webpack (>=19.2.1 <=19.2.3)
react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...
Exploit for Deserialization of Untrusted Data in Facebook React
🛡️ CVE-2025-55184Testing - Simple Tool for Security Scanning...
Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities
Summary Components with known vulnerabilities were addressed in a IBM User Entity Behavior Analytics app release Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and...
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...
Next Vulnerable to Denial of Service with Server Components
A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...
@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2025-55184 via react-server-dom-webpack (>=19.0.0 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...
@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55184 via react-server-dom-webpack (=19.2.1)
react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...
@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.2.1 <=19.2.3)
react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...
@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.0.0 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...
K000158154: React framework vulnerability CVE-2025-55184
Security Advisory Description A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and...
@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (=19.2.1)
react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...
github-release-monitor -- multiple vulnerabilities
https://nextjs.org/blog/security-update-2025-12-11 reports: Description Medium Source Code Exposure: CVE-2025-55183 A specifically crafted HTTP request can cause a Server Function to return the compiled source code of other Server Functions in your application. This could reveal business logic...
CVE-2025-55184
creationtimestamp| type| source ---|---|--- 2025-12-05 13:54:28+00:00| seen| https://vulnerability.circl.lu/bundle/6739b288-995a-4f1a-9f03-5d1ced3a8fbd 2025-12-11 20:51:04+00:00| seen| https://bsky.app/profile/react.dev/post/3m7qhaqdxuc2v 2025-12-11 20:51:04+00:00| seen|...