4917 matches found
10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3405 more potentially affected by CVE-2025-68470 via react-router (>=7.0.0 <=7.9.6-pre.1)
react-router NPM version =7.0.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.1, =5.0.8 and more Source cves: CVE-2025-68470 Source advisory: OSV:GHSA-9JCX-V3WJ-WH4M...
@1023-ventures/merope2 (>=0.2.1 <=0.2.9), @1023-ventures/vega-core (>=0.5.0 <=0.6.2) +1054 more potentially affected by CVE-2025-68470 via react-router (>=6.0.0 <=6.30.2-pre-v6.0)
react-router NPM version =6.0.0, =0.2.1, =0.5.0, =0.0.1, =0.0.1, =3.0.0, =1.0.0, =1.0.0, =1.0.0, =2.7.0, =0.0.1, =0.1.0, =0.0.0, =5.0.0, =5.0.0, =6.1.12 and more Source cves: CVE-2025-68470 Source advisory: OSV:GHSA-9JCX-V3WJ-WH4M...
@1023-ventures/merope2 (>=0.2.1 <=0.2.9), @1023-ventures/vega-core (>=0.5.0 <=0.6.2) +1054 more potentially affected by CVE-2025-68470 via react-router (>=6.0.0 <=6.30.2-pre-v6.0)
react-router NPM version =6.0.0, =0.2.1, =0.5.0, =0.0.1, =0.0.1, =3.0.0, =1.0.0, =1.0.0, =1.0.0, =2.7.0, =0.0.1, =0.1.0, =0.0.0, =5.0.0, =5.0.0, =6.1.12 and more Source cves: CVE-2025-68470 Source advisory: SNYK:JS-REACTROUTER-14908286...
org.webjars.npm:react-router-dom (>=6.0.0-beta.8 <=6.30.0) potentially affected by CVE-2025-68470 via org.webjars.npm:react-router (>=6.0.0-beta.8 <=6.30.0)
org.webjars.npm:react-router MAVEN version =6.0.0-beta.8, =6.0.0-beta.8, =6.30.0 Source cves: CVE-2025-68470 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14908288...
GHSA-9583-H5HC-X8CW React Router has Path Traversal in File Session Storage
If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...
@agent-native/core (>=0.4.2 <=0.47.1), @akrc/fnpm (=1.13.1) +123 more potentially affected by CVE-2025-61686 via @react-router/node (>=7.0.0 <=7.9.4-pre.0)
@react-router/node NPM version =7.0.0, =0.4.2, =0.2.3, =7.8.3-alpha.1, =0.9.1, =0.7.1, =0.1.0, =0.1.0, =0.0.1, =0.0.1-dev.8, =0.0.1-0, =0.0.1-alpha.6, =3.8.8, =2.1.0, =3.4.0 and more Source cves: CVE-2025-61686 Source advisory: SNYK:JS-REACTROUTERNODE-14908860...
@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=10.0.1-alpha.0) +18 more potentially affected by CVE-2025-61686 via @remix-run/node (>=2.0.0-pre.0 <=2.17.1)
@remix-run/node NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.10.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2025-61686 Source advisory: SNYK:JS-REMIXRUNNODE-14908858...
@agent-native/core (>=0.4.2 <=0.47.1), @akrc/fnpm (=1.13.1) +123 more potentially affected by CVE-2025-61686 via @react-router/node (>=7.0.0 <=7.9.4-pre.0)
@react-router/node NPM version =7.0.0, =0.4.2, =0.2.3, =7.8.3-alpha.1, =0.9.1, =0.7.1, =0.1.0, =0.1.0, =0.0.1, =0.0.1-dev.8, =0.0.1-0, =0.0.1-alpha.6, =3.8.8, =2.1.0, =3.4.0 and more Source cves: CVE-2025-61686 Source advisory: OSV:GHSA-9583-H5HC-X8CW...
React Router has XSS Vulnerability
A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...
Cross-site Scripting (XSS)
Overview @remix-run/react is a React DOM bindings for Remix Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary...
GHSA-3CGP-3XVW-98X8 React Router has XSS Vulnerability
A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...
10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3393 more potentially affected by CVE-2025-59057 via react-router (>=7.0.0 <=7.9.0-pre.1)
react-router NPM version =7.0.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.1, =5.0.8 and more Source cves: CVE-2025-59057 Source advisory: OSV:GHSA-3CGP-3XVW-98X8...
@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +70 more potentially affected by CVE-2025-59057 via @remix-run/react (>=1.15.0 <=2.17.0)
@remix-run/react NPM version =1.15.0, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.0.1, =5.6.0, =5.28.0 and more Source cves: CVE-2025-59057 Source advisory: SNYK:JS-REMIXRUNREACT-14908290...
@b42inc/remix-i18n (=0.0.1), @briandlee/remix-return-navigation (>=1.0.0 <=1.1.0-dev0) +70 more potentially affected by CVE-2025-59057 via @remix-run/react (>=1.15.0 <=2.17.0)
@remix-run/react NPM version =1.15.0, =1.0.0, =0.1.2, =1.0.0, =6.0.6-alpha.23, =0.0.2-alpha.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =0.0.22, =0.0.6, =0.0.1, =5.6.0, =5.28.0 and more Source cves: CVE-2025-59057 Source advisory: OSV:GHSA-3CGP-3XVW-98X8...
10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3393 more potentially affected by CVE-2025-59057 via react-router (>=7.0.0 <=7.9.0-pre.1)
react-router NPM version =7.0.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.1, =5.0.8 and more Source cves: CVE-2025-59057 Source advisory: SNYK:JS-REACTROUTER-14908289...
Exploit for Deserialization of Untrusted Data in Facebook React
No d...
Exploit for Deserialization of Untrusted Data in Facebook React
🛠️ React2Shell - Simplifying React Exploitation Framework...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell - Proof of Concept ⚠️ SECURIT...
PT-2026-1810
🟠 React Router, Cross-Site Request Forgery, CVE-2025-47216 Moderate https://t.co/LQdTXi1ca7...
PT-2026-2137
Name of the Vulnerable Software and Affected Versions React Router versions 7.0.0 through 7.11.0 @remix-run/router versions prior to 1.23.2 Description React Router, a router for React, is susceptible to open redirect issues. Specifically, Single Page Applications SPAs using React Router and Remi...