Lucene search
K

189 matches found

NVD
NVD
added 2026/01/10 3:15 a.m.8 views

CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS0.0077EPSS
Exploits0References37
Cvelist
Cvelist
added 2026/01/10 2:42 a.m.37 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/10 2:42 a.m.3 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References1
OSV
OSV
added 2026/01/10 2:42 a.m.5 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/10 2:42 a.m.4 views

CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS5.9AI score0.0077EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/01/10 2:42 a.m.5 views

CVE-2026-22029 React Router vulnerable to XSS via Open Redirects

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS6.5AI score0.0077EPSS
Exploits0References36
CVE
CVE
added 2026/01/10 2:42 a.m.155 views

CVE-2026-22029

CVE-2026-22029 stems from React Router/Remix Router open redirects in framework-mode redirects. Affected: @remix-run/router <1.23.2 and react-router <7.12.0 (7.0.0–7.11.0). Impact: unsafe URLs and potentially unintended JavaScript execution on the client when redirects originate from loader...

8CVSS6.8AI score0.0077EPSS
Exploits0References37Affected Software1
CVE
CVE
added 2026/01/10 2:41 a.m.33 views

CVE-2026-21884

CVE-2026-21884 is a Cross-Site Scripting (XSS) vulnerability in React Router SSR usage. Affected: @remix-run/react prior to 2.17.3 and react-router 7.0.0–7.11.0. Root cause: during Server-Side Rendering in Framework Mode, using getKey/storageKey with can allow arbitrary JavaScript execution if u...

8.2CVSS6.1AI score0.00472EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2026/01/10 2:41 a.m.3 views

CVE-2026-21884 React Router SSR XSS in ScrollRestoration

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS6.2AI score0.00472EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/01/10 2:41 a.m.28 views

CVE-2026-21884 React Router SSR XSS in ScrollRestoration

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS0.00472EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/10 2:41 a.m.3 views

CVE-2026-21884 React Router SSR XSS in ScrollRestoration

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS6.1AI score0.00472EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/10 2:41 a.m.2 views

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

9.1CVSS5.8AI score0.16104EPSS
Exploits0References1
OSV
OSV
added 2026/01/10 2:41 a.m.26 views

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

9.1CVSS6.5AI score0.16104EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/10 2:41 a.m.127 views

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

9.1CVSS0.16104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 2:40 a.m.25 views

CVE-2025-59057 React Router has XSS Vulnerability

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

7.6CVSS0.00448EPSS
Exploits0References1
OSV
OSV
added 2026/01/10 2:40 a.m.6 views

CVE-2025-59057 React Router has XSS Vulnerability

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

7.6CVSS6.4AI score0.00448EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/01/10 2:40 a.m.5 views

CVE-2025-59057 React Router has XSS Vulnerability

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

7.6CVSS6.1AI score0.00448EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.11 views

PT-2026-2138

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.11.0 @remix-run/server-runtime versions prior to 2.17.3 Description React Router, used as a router for React applications, is susceptible to Cross-Site Request Forgery CSRF attacks. This affects document...

6.5CVSS6.4AI score0.00128EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/01/08 8:57 p.m.7 views

@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=10.0.1-alpha.0) +26 more potentially affected by CVE-2026-22030 via @remix-run/server-runtime (>=2.0.0-pre.0 <=2.17.2)

@remix-run/server-runtime NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.17.2 and more Source cves: CVE-2026-22030 Source advisory: SNYK:JS-REMIXRUNSERVERRUNTIME-14908428...

6.5CVSS5.7AI score0.00128EPSS
Exploits0
Snyk
Snyk
added 2026/01/08 8:57 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthoriz...

6.9CVSS6.8AI score0.00128EPSS
Exploits0References3
Rows per page
Query Builder