Allocation of Resources Without Limits or Throttling

Overview @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the createMap, createSet, and extractIterator functions in packages/react-server/src/ReactFlightReplyServer.js. An...

@4399ywkf/router (>=0.0.1 <=0.0.4), @akash-aw/aw-wizard-forms (=4.14.0) +157 more potentially affected by CVE-2025-55184 +1 more via @modern-js/utils (>=2.65.2 <=2.70.4)

@modern-js/utils NPM version =2.65.2, =0.0.1, =1.0.0, =1.0.0, =0.44.0, =2.23.0, =0.3.53, =0.0.0-beta.1, =1.0.1, =0.30.0, =0.39.0 and more Source cves: CVE-2025-55184, CVE-2026-23864 Source advisory: SNYK:JS-MODERNJSUTILS-15120607...

Arbitrary Code Injection

Overview @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code ...