| CVE-2026-42211 |
high |
8.1 |
8.1 |
|
|
|
2d ago |
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through extern… |
| CVE-2026-22029 |
high |
8.0 |
8.0 |
|
|
|
5mo ago |
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from l… |
| CVE-2026-42342 |
high |
7.5 |
7.5 |
|
|
|
2d ago |
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportio… |
| CVE-2026-34077 |
high |
7.5 |
7.5 |
|
|
|
2d ago |
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS… |
| CVE-2026-40181 |
medium |
6.1 |
6.1 |
|
|
|
2d ago |
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p… |
| CVE-2026-33244 |
medium |
5.4 |
5.4 |
|
|
|
2d ago |
React Router has stored XSS via unescaped Location header in prerendered redirect HTML |
| CVE-2026-33245 |
medium |
4.7 |
4.7 |
|
|
|
2d ago |
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS… |
