Exposure of React Router

JavaScript frameworks
Exposure score: 100
Sites using it: 171,557
Exploited: 1
Critical: 2

CVEs

18 results
CVE-2026-45321 | CRITICAL | Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys | EPSS 2.3% | KEV
CVE-2025-43864 | HIGH | React Router allows a DoS via cache poisoning by forcing SPA mode | EPSS 22.0%
CVE-2025-61686 | CRITICAL | React Router has Path Traversal in File Session Storage | EPSS 14.8%
CVE-2025-31137 | HIGH | Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers | EPSS 1.1%
CVE-2025-43865 | HIGH | React Router allows pre-render data spoofing on React-Router framework mode | EPSS 0.7%
CVE-2026-42211 | HIGH | React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE | EPSS 0.4%
CVE-2026-21884 | HIGH | React Router SSR XSS in ScrollRestoration | EPSS 0.4%
CVE-2026-22029 | HIGH | React Router vulnerable to XSS via Open Redirects | EPSS 0.3%
CVE-2025-59057 | HIGH | React Router has XSS Vulnerability | EPSS 0.3%
CVE-2026-42342 | HIGH | React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint | EPSS 0.3%
CVE-2026-34077 | HIGH | React Router vulnerable to Denial of Service via reflected user input in single-fetch | EPSS 0.3%
CVE-2026-42349 | HIGH | Clerk: Authorization bypass when combining organization, billing, or reverification checks | EPSS 0.2%
CVE-2025-68470 | MEDIUM | React Router has unexpected external redirect via untrusted paths | EPSS 0.2%
CVE-2026-33245 | HIGH | React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets | EPSS 0.2%
CVE-2026-40181 | MEDIUM | React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation | EPSS 0.2%
CVE-2026-33244 | MEDIUM | React Router has stored XSS via unescaped Location header in prerendered redirect HTML | EPSS 0.1%
CVE-2026-22030 | MEDIUM | React Router has CSRF issue in Action/Server Action Request Processing | EPSS 0.1%
CVE-2026-53663 | LOW | React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass | EPSS 0.1%
