Vitejs Vite-plugin-react
2 CVEs affecting Vitejs Vite-plugin-react. Latest disclosed: 2025-12-16. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-67489 | Critical | 9.8 | 2025-12-09 | @vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the de… |
CVE-2025-68155 | High | 7.5 | 2025-12-16 | @vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in `@vitejs/plug… |