4876 matches found
SUSE CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
Linux Distros Unpatched Vulnerability : CVE-2026-22030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is...
Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users
TL;DR: Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability. An edg...
Linux Distros Unpatched Vulnerability : CVE-2025-68470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React...
CVE-2025-61686
A security issue was discovered in the react-router/node component of React Router. It is possible for an attacker to manipulate an unsigned cookie to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the...
Cross-site Scripting (XSS)
React Router is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of untrusted input in the API during server-side rendering when generating keys via the getKey or storageKey props, which allows an attacker to inject and execute arbitrary JavaScript...
Path Traversal
React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...
Open Redirect
React Router is vulnerable to Open Redirect. The vulnerability is due to unsafe handling of SPA navigation redirects generated from loaders or actions in certain modes, which allows an attacker to inject untrusted redirect URLs and trigger unintended JavaScript execution on the client...
Exploit for CVE-2025-11953
CVE-2025-11953 - React Native CLI RCE Research Environment !...
Cross-site Request Forgery
React Router is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...
Malicious Package
Overview: react-hook-form-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2026-1970
Malicious code in react-hook-form-js npm...
Malicious code in react-hook-form-js (npm)
Source: amazon-inspector 10977fa5366d3d6e71079dade6da0fd8f346f3ce1d9d769f9664a89bdc7d4fe2 The package react-hook-form-js was found to contain malicious code. Source: ghsa-malware...
MAL-2026-232 Malicious code in react-hook-form-js (npm)
Source: amazon-inspector 10977fa5366d3d6e71079dade6da0fd8f346f3ce1d9d769f9664a89bdc7d4fe2 The package react-hook-form-js was found to contain malicious code. Source: ghsa-malware...
Linux Distros Unpatched Vulnerability : CVE-2026-22029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open...
Linux Distros Unpatched Vulnerability : CVE-2025-59057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exist...
PT-2026-2346
Warning: Multiple High Severity Vulnerabilities in React-Router. CVE-2025-61686, CVE-2026-22029, CVE-2026-59057 & others. Attackers can read sensitive files or hijack sessions! Patch Patch Patch More info: https://t.co/jRGNAD4XZZ...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell: Full Analysis, PoC Overview, and...
MAL-2026-200 Malicious code in wac-react (npm)
Source: amazon-inspector 0642cdcd4abbaddae08f167b77852150ee23b0b9b363fd7495df86b998a43533 The package wac-react was found to contain malicious code. Source: ghsa-malware 0ccbbe4984cb82022ab6dafda5531ee164a8b7554a4796e3936432f0e17bc8d6 Any...
Malicious code in wac-react (npm)
Source: amazon-inspector 0642cdcd4abbaddae08f167b77852150ee23b0b9b363fd7495df86b998a43533 The package wac-react was found to contain malicious code. Source: ghsa-malware 0ccbbe4984cb82022ab6dafda5531ee164a8b7554a4796e3936432f0e17bc8d6 Any...