VIR Vulnerability Intelligence Relay

Package impact

npm npm / react-router

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-40181 medium 6.1 6.1 2d ago React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p…
CVE-2026-33244 medium 5.4 5.4 2d ago React Router has stored XSS via unescaped Location header in prerendered redirect HTML
CVE-2026-33245 medium 4.7 4.7 2d ago React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…