react-router
22 known vulnerabilities · 0 critical · 0 high
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
React Router has stored XSS via unescaped Location header in prerendered redirect HTML
React Router has unexpected external redirect via untrusted paths
React Router allows pre-render data spoofing on React-Router framework mode
React Router has CSRF issue in Action/Server Action Request Processing
React Router vulnerable to Denial of Service via reflected user input in single-fetch
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
React Router: Potential CSRF via PUT/PATCH/DELETE document requests
Malicious code in @oec-settlement/react-router (npm)
Malicious code in react-router-on-navigation (npm)
Malicious code in @tanstack/react-router (npm)
Malicious code in @tanstack/react-router-ssr-query (npm)
Malicious code in react-router-packages (npm)
Malicious code in shopify-app-react-router (npm)
Malicious code in meraki-react-router (npm)
Malicious code in @tanstack/react-router-devtools (npm)
Malicious code in okta-react-router-6 (npm)