@clerk/chrome-extension (>=3.0.1-canary.v20260303211310 <=3.1.15-snapshot.v20260421194054), @clerk/expo (>=3.0.1-canary.v20260303211310 <=3.2.2-snapshot.v20260421194054) +7 more potentially affected by CVE-2026-42349 via @clerk/react (>=6.0.1-canary.v20260303211310 <=6.4.3-snapshot.v20260421194054)

@clerk/react NPM version =6.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =7.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =1.0.1-canary.v20260303211310, =2.0.0, =2.0.0, =0.20.1-dev-push, =0.20.3-dev-push, =0.20.4-dev-push Source cves:...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in React (CVE-2018-6341)

Summary A vulnerability in React that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2018-6341 DESCRIPTION: React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack...

January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB

January "In the Trend of VM" 23: vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. 🙂 🗞 Post on Habr rus 🗒 Digest on the PT website rus In total, three vulnerabilities: 🔻 EoP - Windows Cloud Files Mini Filter Driver...

@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +72 more potentially affected by CVE-2026-21884 via @remix-run/react (>=0.0.0-experimental-a7ab46039 <=2.17.2)

@remix-run/react NPM version =0.0.0-experimental-a7ab46039, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.1.0, =0.0.1, =5.0.4 and more Source cves: CVE-2026-21884 Source advisory: OSV:GHSA-8V8X-CX79-35W7...

Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions

Withdrawn Advisory This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...

GHSA-VR6P-VQ2P-6J74 Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions

Withdrawn Advisory This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Exploit Kit 🎯 Complete Workin...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 A simp...

Exploit for Deserialization of Untrusted Data in Facebook React

💥 React2Shell-POC 💥 !pythonhttps://img.shields.io/badge/py...

PT-2025-49862

🧵 6/15: The Exploit simplified: The vulnerability CVE-2024-555182 lies in the deserialization process. React wasn't verifying if a requested key actually existed on the object during this process. This allows an attacker to sneak in a request for the constructor of a function...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182: Exploitation Artifacts An export of a small s...

Exploit for Deserialization of Untrusted Data in Facebook React

C...

Exploit for CVE-2025-55182

React RCE Vulnerability Scanner CVE-2025-55182 A comprehens...

Exploit for CVE-2025-55182

React 19 & Next.js Security Fix Prompts for AI Agents 🚨 CRI...

GHSA-P9F2-JG9W-CX69 Aim Stored Cross-site Scripting Vulnerability

A stored cross-site scripting XSS vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML...

192.168.0.172 (=4.6.1), 2-ways-binding-example (=0.0.1) +2232 more potentially affected by unknown CVE via react (>=0.10.0 <=0.14.0-rc1)

react NPM version =0.10.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.10, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HG79-J56M-FXGV...