4917 matches found

Github Security Blog
added 2026/01/08 8:57 p.m. | 10 views

React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. Note: This does not impact your application if you are using Declarative...

CVSS 6.5 | AI score 5.5 | EPSS 0.00128
Exploits: 0 | References: 3 | Affected Software: 2

vulnersOsv
added 2026/01/08 8:57 p.m. | 7 views

@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-22030 via react-router (>=7.0.0 <=7.12.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22030 Source advisory: OSV:GHSA-H5CW-625J-3RXH...

CVSS 6.5 | AI score 5.7 | EPSS 0.00128
Exploits: 0

vulnersOsv
added 2026/01/08 8:57 p.m. | 7 views

@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-22030 via react-router (>=7.0.0 <=7.12.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22030 Source advisory: SNYK:JS-REACTROUTER-14908429...

CVSS 6.5 | AI score 5.7 | EPSS 0.00128
Exploits: 0

vulnersOsv
added 2026/01/08 8:57 p.m. | 7 views

@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=10.0.1-alpha.0) +26 more potentially affected by CVE-2026-22030 via @remix-run/server-runtime (>=2.0.0-pre.0 <=2.17.2)

@remix-run/server-runtime NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.17.2 and more Source cves: CVE-2026-22030 Source advisory: SNYK:JS-REMIXRUNSERVERRUNTIME-14908428...

CVSS 6.5 | AI score 5.7 | EPSS 0.00128
Exploits: 0

OSV
added 2026/01/08 8:57 p.m. | 5 views

GHSA-H5CW-625J-3RXH React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. Note: This does not impact your application if you are using Declarative...

CVSS 6.5 | AI score 5.5 | EPSS 0.00128
Exploits: 0 | References: 3

Github Security Blog
added 2026/01/08 8:54 p.m. | 33 views

React Router vulnerable to XSS via Open Redirects

React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if developers are creating redirect paths...

CVSS 8 | AI score 7.1 | EPSS 0.0077
Exploits: 0 | References: 3 | Affected Software: 2

vulnersOsv
added 2026/01/08 8:54 p.m. | 10 views

@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-22029 via react-router (>=7.0.0 <=7.12.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22029 Source advisory: SNYK:JS-REACTROUTER-14908531...

CVSS 8 | AI score 6.2 | EPSS 0.0077
Exploits: 0

vulnersOsv
added 2026/01/08 8:54 p.m. | 6 views

@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-22029 via react-router (>=7.0.0 <=7.12.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22029 Source advisory: OSV:GHSA-2W69-QVJG-HVJX...

CVSS 8 | AI score 6.2 | EPSS 0.0077
Exploits: 0

OSV
added 2026/01/08 8:54 p.m. | 11 views

GHSA-2W69-QVJG-HVJX React Router vulnerable to XSS via Open Redirects

React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if developers are creating redirect paths...

CVSS 8 | AI score 7 | EPSS 0.0077
Exploits: 0 | References: 3

Github Security Blog
added 2026/01/08 8:50 p.m. | 7 views

React Router SSR XSS in ScrollRestoration

An XSS vulnerability exists in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. Note: This does not impact applications if...

CVSS 8.2 | AI score 6.5 | EPSS 0.00472
Exploits: 0 | References: 3 | Affected Software: 2

OSV
added 2026/01/08 8:50 p.m. | 2 views

GHSA-8V8X-CX79-35W7 React Router SSR XSS in ScrollRestoration

An XSS vulnerability exists in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. Note: This does not impact applications if...

CVSS 8.2 | AI score 6.3 | EPSS 0.00472
Exploits: 0 | References: 3

vulnersOsv
added 2026/01/08 8:50 p.m. | 8 views

@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-21884 via react-router (>=7.0.0 <=7.12.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-21884 Source advisory: SNYK:JS-REACTROUTER-14908293...

CVSS 8.2 | AI score 6.9 | EPSS 0.00472
Exploits: 0

vulnersOsv
added 2026/01/08 8:50 p.m. | 11 views

@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=10.0.1-alpha.0) +6 more potentially affected by CVE-2026-21884 via @remix-run/react (>=2.0.0-pre.0 <=2.17.2)

@remix-run/react NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =0.1.0, =5.6.0, =0.1.36, =2.0.0, =3.0.0, =0.9.84, =0.11.29 Source cves: CVE-2026-21884 Source advisory: SNYK:JS-REMIXRUNREACT-14908292...

CVSS 8.2 | AI score 6.9 | EPSS 0.00472
Exploits: 0

vulnersOsv
added 2026/01/08 8:50 p.m. | 9 views

@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +72 more potentially affected by CVE-2026-21884 via @remix-run/react (>=0.0.0-experimental-a7ab46039 <=2.17.2)

@remix-run/react NPM version =0.0.0-experimental-a7ab46039, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.1.0, =0.0.1, =5.0.4 and more Source cves: CVE-2026-21884 Source advisory: OSV:GHSA-8V8X-CX79-35W7...

CVSS 8.2 | AI score 6.9 | EPSS 0.00472
Exploits: 0

vulnersOsv
added 2026/01/08 8:50 p.m. | 9 views

@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +73 more potentially affected by CVE-2026-21884 via react-router (>=7.0.0 <=7.12.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-21884 Source advisory: OSV:GHSA-8V8X-CX79-35W7...

CVSS 8.2 | AI score 6.9 | EPSS 0.00472
Exploits: 0

Snyk
added 2026/01/08 8:48 p.m. | 4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...

CVSS 7.1 | AI score 6.7 | EPSS 0.00198
Exploits: 0 | References: 2

OSV
added 2026/01/08 8:48 p.m. | 2 views

GHSA-9JCX-V3WJ-WH4M React Router has unexpected external redirect via untrusted paths

An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code...

CVSS 6.5 | AI score 5.9 | EPSS 0.00198
Exploits: 0 | References: 3

Snyk
added 2026/01/08 8:48 p.m. | 4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...

CVSS 7.1 | AI score 6.7 | EPSS 0.00198
Exploits: 0 | References: 2

Github Security Blog
added 2026/01/08 8:48 p.m. | 9 views

React Router has unexpected external redirect via untrusted paths

An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code...

CVSS 6.5 | AI score 6.8 | EPSS 0.00198
Exploits: 0 | References: 3 | Affected Software: 1

vulnersOsv
added 2026/01/08 8:48 p.m. | 11 views

10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3405 more potentially affected by CVE-2025-68470 via react-router (>=7.0.0 <=7.9.6-pre.1)

react-router NPM version =7.0.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.1, =5.0.8 and more Source cves: CVE-2025-68470 Source advisory: SNYK:JS-REACTROUTER-14908286...

CVSS 6.5 | AI score 5.7 | EPSS 0.00198
Exploits: 0