Package impact
npm / react-router
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33244 | medium | 5.4 | 5.4 | 2d ago | React Router has stored XSS via unescaped Location header in prerendered redirect HTML | |||
| CVE-2026-40181 | unknown | — | — | 1d ago | React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation |