remix-run
OSS Librariesoss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting remix-run.
- CVE-2026-53663React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass3.1
- CVE-2026-42342React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint7.5
- CVE-2026-42211React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE8.1
- CVE-2026-40181React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation6.1
- CVE-2026-34077React Router vulnerable to Denial of Service via reflected user input in single-fetch7.5
- CVE-2026-33245React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets8.0
- CVE-2026-33244React Router has stored XSS via unescaped Location header in prerendered redirect HTML5.4
- CVE-2026-22030React Router has CSRF issue in Action/Server Action Request Processing6.5
- CVE-2026-22029React Router vulnerable to XSS via Open Redirects8.0
- CVE-2026-21884React Router SSR XSS in ScrollRestoration8.2
- CVE-2025-61686React Router has Path Traversal in File Session Storage9.1
- CVE-2025-59057React Router has XSS Vulnerability7.6
- CVE-2025-68470React Router has unexpected external redirect via untrusted paths6.5
- CVE-2025-43865React Router allows pre-render data spoofing on React-Router framework mode8.2
- CVE-2025-43864React Router allows a DoS via cache poisoning by forcing SPA mode7.5