EUVD-2026-19888

RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests...

PT-2026-30990

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger...