13 Total advisories
13 Vulnerabilities
0 Malware
Vulnerabilities
HIGH 8.1
CVE-2026-42211
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
UNKNOWN
CVE-2026-40181
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
MEDIUM 6.5
CVE-2026-22030
React Router has CSRF issue in Action/Server Action Request Processing
HIGH 7.5
CVE-2026-42342
React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
HIGH 7.5
CVE-2026-34077
React Router vulnerable to Denial of Service via reflected user input in single-fetch
MEDIUM 5.4
CVE-2026-33244
React Router has stored XSS via unescaped Location header in prerendered redirect HTML
HIGH 8.0
CVE-2026-33245
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
HIGH 7.6
CVE-2025-59057
React Router has XSS Vulnerability
HIGH 8.2
CVE-2026-21884
React Router SSR XSS in ScrollRestoration
HIGH 8.0
CVE-2026-22029
React Router vulnerable to XSS via Open Redirects
MEDIUM 6.5
CVE-2025-68470
React Router has unexpected external redirect via untrusted paths
HIGH 8.2
CVE-2025-43865
React Router allows pre-render data spoofing on React-Router framework mode
HIGH 7.5
CVE-2025-43864
React Router allows a DoS via cache poisoning by forcing SPA mode
Ready to move
Start Securing
Free, no credit card | First findings in minutes