@agent-native/core (>=0.4.2 <=0.14.6), @akrc/fnpm (=1.13.1) +111 more potentially affected by CVE-2025-61686 via @react-router/node (>=7.0.0 <=7.9.4-pre.0)

@react-router/node NPM version =7.0.0, =0.4.2, =0.2.3, =7.8.3-alpha.1, =0.9.1, =0.7.1, =0.1.0, =0.1.0, =0.0.1-dev.8, =0.0.1-0, =0.0.1-alpha.6, =3.8.8, =0.3.1, =0.0.13, =0.0.53 and more Source cves: CVE-2025-61686 Source advisory: SNYK:JS-REACTROUTERNODE-14908860...

@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.2-alpha.7) +18 more potentially affected by CVE-2025-61686 via @remix-run/node (>=2.0.0-pre.0 <=2.17.1)

@remix-run/node NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.10.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2025-61686 Source advisory: SNYK:JS-REMIXRUNNODE-14908858...

@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +70 more potentially affected by CVE-2025-59057 via @remix-run/react (>=1.15.0 <=2.17.0)

@remix-run/react NPM version =1.15.0, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.0.1, =5.6.0, =5.28.0 and more Source cves: CVE-2025-59057 Source advisory: SNYK:JS-REMIXRUNREACT-14908290...

@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +70 more potentially affected by CVE-2025-59057 via @remix-run/react (>=1.15.0 <=2.17.0)

@remix-run/react NPM version =1.15.0, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.0.1, =5.6.0, =5.28.0 and more Source cves: CVE-2025-59057 Source advisory: OSV:GHSA-3CGP-3XVW-98X8...

GHSA-3CGP-3XVW-98X8 React Router has XSS Vulnerability

A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...

React Router has XSS Vulnerability

A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...

Cross-site Scripting (XSS)

Overview @remix-run/react is a React DOM bindings for Remix Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary...

10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3202 more potentially affected by CVE-2025-59057 via react-router (>=7.0.0 <=7.9.0-pre.1)

react-router NPM version =7.0.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =3.1.61, =3.2.206 and more Source cves: CVE-2025-59057 Source advisory: SNYK:JS-REACTROUTER-14908289...

10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3202 more potentially affected by CVE-2025-59057 via react-router (>=7.0.0 <=7.9.0-pre.1)

react-router NPM version =7.0.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =3.1.61, =3.2.206 and more Source cves: CVE-2025-59057 Source advisory: OSV:GHSA-3CGP-3XVW-98X8...

Exploit for Deserialization of Untrusted Data in Facebook React

No d...

Exploit for Deserialization of Untrusted Data in Facebook React

🛠️ React2Shell - Simplifying React Exploitation Framework...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell - Proof of Concept ⚠️ SECURIT...

PT-2026-2137

Name of the Vulnerable Software and Affected Versions React Router versions 7.0.0 through 7.11.0 @remix-run/router versions prior to 1.23.2 Description React Router, a router for React, is susceptible to open redirect issues. Specifically, Single Page Applications SPAs using React Router and Remi...

PT-2026-1810

🟠 React Router, Cross-Site Request Forgery, CVE-2025-47216 Moderate https://t.co/LQdTXi1ca7...

Malicious code in create-react-app-lambda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dce198bea6270ee06edafb853bcde3e517778beca89073512ee6d6cf1da2304 The package create-react-app-lambda was found to contain malicious code. Source: ghsa-malware...

MAL-2026-132 Malicious code in create-react-app-lambda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dce198bea6270ee06edafb853bcde3e517778beca89073512ee6d6cf1da2304 The package create-react-app-lambda was found to contain malicious code. Source: ghsa-malware...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-202...

CVE-2019-12164

ubuntu-server.js in Status React Native Desktop before v0.57.8mobileui allows Remote Code Execution...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-202...

Malicious code in react-native-kyc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d1ae391e8ec2bcc50f5d507ae3566a122058f2d3aa4227b5abf64ecc43990a The package react-native-kyc was found to contain malicious code. Source: ghsa-malware b07a2ced47f073e338b59c9aed3d551f9e8acbbe7c1e02102b7a9c8fb37250...