4917 matches found
React Router has CSRF issue in Action/Server Action Request Processing
React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...
@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-22030 via react-router (>=7.0.0 <=7.12.0-pre.0)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22030 Source advisory: OSV:GHSA-H5CW-625J-3RXH...
@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-22030 via react-router (>=7.0.0 <=7.12.0-pre.0)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22030 Source advisory: SNYK:JS-REACTROUTER-14908429...
@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=10.0.1-alpha.0) +26 more potentially affected by CVE-2026-22030 via @remix-run/server-runtime (>=2.0.0-pre.0 <=2.17.2)
@remix-run/server-runtime NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.17.2 and more Source cves: CVE-2026-22030 Source advisory: SNYK:JS-REMIXRUNSERVERRUNTIME-14908428...
GHSA-H5CW-625J-3RXH React Router has CSRF issue in Action/Server Action Request Processing
React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...
React Router vulnerable to XSS via Open Redirects
React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if developers are creating redirect paths...
@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-22029 via react-router (>=7.0.0 <=7.12.0-pre.0)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22029 Source advisory: SNYK:JS-REACTROUTER-14908531...
@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-22029 via react-router (>=7.0.0 <=7.12.0-pre.0)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22029 Source advisory: OSV:GHSA-2W69-QVJG-HVJX...
GHSA-2W69-QVJG-HVJX React Router vulnerable to XSS via Open Redirects
React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if developers are creating redirect paths...
React Router SSR XSS in ScrollRestoration
A XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. !NOTE This does not impact applications if...
GHSA-8V8X-CX79-35W7 React Router SSR XSS in ScrollRestoration
A XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. !NOTE This does not impact applications if...
@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-21884 via react-router (>=7.0.0 <=7.12.0-pre.0)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-21884 Source advisory: SNYK:JS-REACTROUTER-14908293...
@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=10.0.1-alpha.0) +6 more potentially affected by CVE-2026-21884 via @remix-run/react (>=2.0.0-pre.0 <=2.17.2)
@remix-run/react NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =0.1.0, =5.6.0, =0.1.36, =2.0.0, =3.0.0, =0.9.84, =0.11.29 Source cves: CVE-2026-21884 Source advisory: SNYK:JS-REMIXRUNREACT-14908292...
@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +72 more potentially affected by CVE-2026-21884 via @remix-run/react (>=0.0.0-experimental-a7ab46039 <=2.17.2)
@remix-run/react NPM version =0.0.0-experimental-a7ab46039, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.1.0, =0.0.1, =5.0.4 and more Source cves: CVE-2026-21884 Source advisory: OSV:GHSA-8V8X-CX79-35W7...
@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-21884 via react-router (>=7.0.0 <=7.12.0-pre.0)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-21884 Source advisory: OSV:GHSA-8V8X-CX79-35W7...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...
GHSA-9JCX-V3WJ-WH4M React Router has unexpected external redirect via untrusted paths
An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...
React Router has unexpected external redirect via untrusted paths
An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code...
10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3405 more potentially affected by CVE-2025-68470 via react-router (>=7.0.0 <=7.9.6-pre.1)
react-router NPM version =7.0.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.1, =5.0.8 and more Source cves: CVE-2025-68470 Source advisory: SNYK:JS-REACTROUTER-14908286...