Remix-run React-router
15 CVEs affecting Remix-run React-router. Latest disclosed: 2026-06-02. Critical: 1, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-61686 | Critical | 9.1 | 2026-01-10 | React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to v… |
CVE-2026-21884 | High | 8.2 | 2026-01-10 | React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React… |
CVE-2025-43865 | High | 8.2 | 2025-04-25 | React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the r… |
CVE-2026-42211 | High | 8.1 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized re… |
CVE-2026-33245 | High | 8.0 | 2026-06-02 | React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potenti… |
CVE-2026-22029 | High | 8.0 | 2026-01-10 | React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open… |
CVE-2025-59057 | High | 7.6 | 2026-01-10 | React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exis… |
CVE-2026-42342 | High | 7.5 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain c… |
CVE-2026-34077 | High | 7.5 | 2026-06-02 | React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potenti… |
CVE-2025-43864 | High | 7.5 | 2025-04-25 | React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by addin… |
CVE-2025-31137 | High | 7.5 | 2025-04-01 | React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all R… |
CVE-2026-22030 | Medium | 6.5 | 2026-01-10 | React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is… |
CVE-2025-68470 | Medium | 6.5 | 2026-01-10 | React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Rou… |
CVE-2026-40181 | Medium | 6.1 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open… |
CVE-2026-33244 | Medium | 5.4 | 2026-06-02 | React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP… |