Package impact
npm / react-router
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33244 | medium | 5.4 | 5.4 | 2d ago | React Router has stored XSS via unescaped Location header in prerendered redirect HTML | |||
| CVE-2026-40181 | unknown | — | — | 2d ago | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p… |