| CVE-2026-42211 |
high |
8.1 |
8.1 |
|
|
|
2d ago |
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through extern… |
| CVE-2026-33245 |
high |
8.0 |
8.0 |
|
|
|
2d ago |
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS… |
| CVE-2026-22029 |
high |
8.0 |
8.0 |
|
|
|
5mo ago |
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from l… |
| CVE-2026-42342 |
high |
7.5 |
7.5 |
|
|
|
2d ago |
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportio… |
| CVE-2026-34077 |
high |
7.5 |
7.5 |
|
|
|
2d ago |
React Router vulnerable to Denial of Service via reflected user input in single-fetch |
| CVE-2026-40181 |
unknown |
— |
— |
|
|
|
2d ago |
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p… |
