react-router vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-53663Lowreact-router: React Router: Potential CSRF via PUT/PATCH/DELETE document requestsCVE-2026-34077Highreact-router: React Router vulnerable to Denial of Service via reflected user input in single-fetchCVE-2026-42342Highreact-router: React Router vulnerable to DoS via unbounded path expansion in __manifest endpointCVE-2026-42211Highreact-router: React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR…CVE-2026-40181Mediumreact-router: React Router's same-origin redirect with path starting // causes open redirect via…CVE-2026-33245Highreact-router: React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targetsCVE-2026-33244Mediumreact-router: React Router has stored XSS via unescaped Location header in prerendered redirect HTMLCVE-2026-22030Mediumreact-router: React Router has CSRF issue in Action/Server Action Request ProcessingCVE-2026-22029Highreact-router: React Router vulnerable to XSS via Open RedirectsCVE-2026-21884Highreact-router: React Router SSR XSS in ScrollRestorationCVE-2025-68470Mediumreact-router: React Router has unexpected external redirect via untrusted pathsCVE-2025-59057Highreact-router: React Router has XSS VulnerabilityCVE-2025-43865Highreact-router: React Router allows pre-render data spoofing on React-Router framework modeCVE-2025-43864Highreact-router: React Router allows a DoS via cache poisoning by forcing SPA mode

Stop the waste.
Protect your environment with Kodem.