| CVE-2026-42211 |
high |
8.1 |
8.1 |
|
|
|
1d ago |
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE |
| CVE-2026-33245 |
high |
8.0 |
8.0 |
|
|
|
1d ago |
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS… |
| CVE-2026-22029 |
high |
8.0 |
8.0 |
|
|
|
5mo ago |
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from l… |
| CVE-2026-42342 |
high |
7.5 |
7.5 |
|
|
|
1d ago |
React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint |
| CVE-2026-33244 |
medium |
5.4 |
5.4 |
|
|
|
1d ago |
React Router has stored XSS via unescaped Location header in prerendered redirect HTML |
| CVE-2026-40181 |
unknown |
— |
— |
|
|
|
1d ago |
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation |
| CVE-2026-22030 |
unknown |
— |
— |
|
|
|
5mo ago |
React Router has CSRF issue in Action/Server Action Request Processing |
| CVE-2026-21884 |
unknown |
— |
— |
|
|
|
5mo ago |
React Router SSR XSS in ScrollRestoration |
| CVE-2025-68470 |
unknown |
— |
— |
|
|
|
5mo ago |
React Router has unexpected external redirect via untrusted paths |
| CVE-2025-59057 |
unknown |
— |
— |
|
|
|
5mo ago |
React Router has XSS Vulnerability |
| CVE-2025-43865 |
unknown |
— |
— |
|
|
|
1y ago |
React Router allows pre-render data spoofing on React-Router framework mode |
| CVE-2025-43864 |
unknown |
— |
— |
|
|
|
1y ago |
React Router allows a DoS via cache poisoning by forcing SPA mode |
