Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 – React2Shell React Server Components / Next...

EUVD-2025-203449

LikeC4 has RCE through vulnerable React and Next.js versions...

Exploit for Deserialization of Untrusted Data in Facebook React

Vulnerable React Application CVE-2025-55182 This applicatio...

GHSA-MWV6-3258-Q52C Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

React Server Components deserialization vulnerability

Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...

Next.js is vulnerable to RCE in React flight protocol

A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182. Fixed in: React: 19.0.1, 19.1.2, 19.2.1 Next.js:...

@crowdstrike/alloy-react (>=0.0.2 <=0.0.5) potentially affected by unknown CVE via @crowdstrike/foundry-js (=0.17.1)

@crowdstrike/foundry-js NPM version =0.17.1 is affected by a known vulnerability. The following packages have a transitive dependency on @crowdstrike/foundry-js and may be impacted: - @crowdstrike/alloy-react =0.0.2, =0.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47234...

@aprilsacil/wallet (>=0.1.36 <=0.1.51), @chainfuse/react (>=0.0.46 <=0.1.0-dev.96) +15 more potentially affected by CVE-2023-30543 via @web3-react/coinbase-wallet (>=8.0.31-beta.0 <=8.0.34-beta.0)

@web3-react/coinbase-wallet NPM version =8.0.31-beta.0, =0.1.36, =0.0.46, =0.0.70, =0.0.6-alpha.0, =0.1.0, =0.0.1, =0.1.0, =0.13.29, =0.1.20, =0.0.1, =0.0.2, =0.0.11, =0.1.31 and more Source cves: CVE-2023-30543 Source advisory: OSV:GHSA-8PF3-6FGR-3G3G...