React
This hub aggregates every CVE we track for React, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
7
CVEs tracked
1
Critical
4
High
1
In CISA KEV
Severity distribution
HIGH4MEDIUM2CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
4
1
0
0
0
1
0
2024-072026-06
Latest CVEs
The 7 most recently published vulnerabilities affecting React.
- CVE-2026-42349Clerk: Authorization bypass when combining organization, billing, or reverification checks8.1
- CVE-2026-23864Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vu...7.5
- CVE-2025-67779It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19...7.5
- CVE-2025-55184A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-ser...7.5
- CVE-2025-55183An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: r...5.3
- CVE-2025-55182A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, rea...KEV10.0
- CVE-2018-6341React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vul...6.1
Product normalization is registry-driven with AI assist and human review. How it works