4 matches found
GHSA-FM8C-6M29-RP6J repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard
Impact: The RepoCard component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name (repo prop) during the loading state without any sanitization. If a developer using this package passe...
repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard
Impact: The RepoCard component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name (repo prop) during the loading state without any sanitization. If a developer using this package passe...
CVE-2026-27612
CVE-2026-27612 concerns the Repostat React component before version 1.0.1, where the repo prop is rendered with dangerouslySetInnerHTML during loading, allowing reflected XSS if unvalidated input is provided. The issue is fixed in 1.0.1 by switching to safe JSX data binding. The CVSSv3.1 base sco...
Cross-site Scripting (XSS)
Overview: symfony/ux-twig-component is a Twig components package for Symfony. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ComponentAttributes class. An attacker can manipulate HTML attribute outputs and potentially execute scripts in the context of the affected web...