Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/react-server-dom-turbopack@19.0.1
Typenpm
Namespace
Namereact-server-dom-turbopack
Version19.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version19.0.4
Latest_non_vulnerable_version19.3.0-canary-06fcc8f3-20251009
Affected_by_vulnerabilities
0
url VCID-bwdv-fw3h-dfce
vulnerability_id VCID-bwdv-fw3h-dfce
summary 
React Server Components have multiple Denial of Service Vulnerabilities
## Impact

It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components.

We recommend updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 19.2.0, 19.2.1, 19.2.2, 19.2.3 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)  
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)  
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory exceptions or excessive CPU usage; depending on the vulnerable code path being exercised, the application configuration and application code.

## Patches

Fixes were back ported to versions 19.0.4, 19.1.5, and 19.2.4.

If you are using any of the above packages please upgrade to any of the fixed versions immediately.

If your app’s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability.

## References

See the [blog post](https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components) for more information and upgrade instructions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23864.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23864.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23864
reference_id
reference_type
scores
0
value 0.01395
scoring_system epss
scoring_elements 0.80341
published_at 2026-04-02T12:55:00Z
1
value 0.01456
scoring_system epss
scoring_elements 0.80881
published_at 2026-04-24T12:55:00Z
2
value 0.01456
scoring_system epss
scoring_elements 0.8079
published_at 2026-04-04T12:55:00Z
3
value 0.01456
scoring_system epss
scoring_elements 0.80787
published_at 2026-04-07T12:55:00Z
4
value 0.01456
scoring_system epss
scoring_elements 0.80814
published_at 2026-04-08T12:55:00Z
5
value 0.01456
scoring_system epss
scoring_elements 0.80823
published_at 2026-04-09T12:55:00Z
6
value 0.01456
scoring_system epss
scoring_elements 0.8084
published_at 2026-04-11T12:55:00Z
7
value 0.01456
scoring_system epss
scoring_elements 0.80825
published_at 2026-04-12T12:55:00Z
8
value 0.01456
scoring_system epss
scoring_elements 0.80817
published_at 2026-04-13T12:55:00Z
9
value 0.01456
scoring_system epss
scoring_elements 0.80854
published_at 2026-04-16T12:55:00Z
10
value 0.01456
scoring_system epss
scoring_elements 0.80856
published_at 2026-04-18T12:55:00Z
11
value 0.01456
scoring_system epss
scoring_elements 0.80858
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23864
2
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react
3
reference_url https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23864
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23864
5
reference_url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
6
reference_url https://www.facebook.com/security/advisories/cve-2026-23864
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:26:03Z/
url https://www.facebook.com/security/advisories/cve-2026-23864
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433059
reference_id 2433059
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2433059
8
reference_url https://github.com/advisories/GHSA-83fc-fqcc-2hmg
reference_id GHSA-83fc-fqcc-2hmg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83fc-fqcc-2hmg
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.4
purl pkg:npm/react-server-dom-turbopack@19.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.4
1
url pkg:npm/react-server-dom-turbopack@19.1.5
purl pkg:npm/react-server-dom-turbopack@19.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.5
2
url pkg:npm/react-server-dom-turbopack@19.2.4
purl pkg:npm/react-server-dom-turbopack@19.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.4
aliases CVE-2026-23864, GHSA-83fc-fqcc-2hmg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bwdv-fw3h-dfce
1
url VCID-hznz-envu-kfcq
vulnerability_id VCID-hznz-envu-kfcq
summary 
Source Code Exposure Vulnerability in React Server Components
There is a source code exposure vulnerability in React Server Components.

React recommends updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

These issues are present in the patches published last week.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55183.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55183.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55183
reference_id
reference_type
scores
0
value 0.19834
scoring_system epss
scoring_elements 0.95445
published_at 2026-04-12T12:55:00Z
1
value 0.19834
scoring_system epss
scoring_elements 0.95465
published_at 2026-04-24T12:55:00Z
2
value 0.19834
scoring_system epss
scoring_elements 0.9546
published_at 2026-04-18T12:55:00Z
3
value 0.19834
scoring_system epss
scoring_elements 0.95456
published_at 2026-04-16T12:55:00Z
4
value 0.19834
scoring_system epss
scoring_elements 0.95447
published_at 2026-04-13T12:55:00Z
5
value 0.2095
scoring_system epss
scoring_elements 0.95617
published_at 2026-04-07T12:55:00Z
6
value 0.2095
scoring_system epss
scoring_elements 0.95633
published_at 2026-04-11T12:55:00Z
7
value 0.2095
scoring_system epss
scoring_elements 0.95628
published_at 2026-04-09T12:55:00Z
8
value 0.2095
scoring_system epss
scoring_elements 0.95625
published_at 2026-04-08T12:55:00Z
9
value 0.2095
scoring_system epss
scoring_elements 0.95614
published_at 2026-04-04T12:55:00Z
10
value 0.22222
scoring_system epss
scoring_elements 0.95822
published_at 2026-04-21T12:55:00Z
11
value 0.23425
scoring_system epss
scoring_elements 0.95938
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55183
2
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react
3
reference_url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-07T16:24:47Z/
url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421590
reference_id 2421590
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421590
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55183
reference_id CVE-2025-55183
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55183
6
reference_url https://www.facebook.com/security/advisories/cve-2025-55183
reference_id CVE-2025-55183
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-07T16:24:47Z/
url https://www.facebook.com/security/advisories/cve-2025-55183
7
reference_url https://github.com/advisories/GHSA-925w-6v3x-g4j4
reference_id GHSA-925w-6v3x-g4j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-925w-6v3x-g4j4
8
reference_url https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4
reference_id GHSA-925w-6v3x-g4j4
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.2
purl pkg:npm/react-server-dom-turbopack@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-pbfy-s6g4-w7ex
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.2
1
url pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
purl pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
2
url pkg:npm/react-server-dom-turbopack@19.1.3
purl pkg:npm/react-server-dom-turbopack@19.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-pbfy-s6g4-w7ex
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.3
3
url pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
purl pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
4
url pkg:npm/react-server-dom-turbopack@19.2.2
purl pkg:npm/react-server-dom-turbopack@19.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-pbfy-s6g4-w7ex
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.2
5
url pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
purl pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
aliases CVE-2025-55183, GHSA-925w-6v3x-g4j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hznz-envu-kfcq
2
url VCID-q3r3-ykj4-3qbr
vulnerability_id VCID-q3r3-ykj4-3qbr
summary 
Denial of Service Vulnerability in React Server Components
There is a denial of service vulnerability in React Server Components.

React recommends updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

These issues are present in the patches published last week.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55184.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55184
reference_id
reference_type
scores
0
value 0.21089
scoring_system epss
scoring_elements 0.95651
published_at 2026-04-11T12:55:00Z
1
value 0.21089
scoring_system epss
scoring_elements 0.95646
published_at 2026-04-09T12:55:00Z
2
value 0.21089
scoring_system epss
scoring_elements 0.95642
published_at 2026-04-08T12:55:00Z
3
value 0.21089
scoring_system epss
scoring_elements 0.95633
published_at 2026-04-07T12:55:00Z
4
value 0.21089
scoring_system epss
scoring_elements 0.9563
published_at 2026-04-04T12:55:00Z
5
value 0.23574
scoring_system epss
scoring_elements 0.95957
published_at 2026-04-02T12:55:00Z
6
value 0.26234
scoring_system epss
scoring_elements 0.96315
published_at 2026-04-24T12:55:00Z
7
value 0.26234
scoring_system epss
scoring_elements 0.96296
published_at 2026-04-12T12:55:00Z
8
value 0.26234
scoring_system epss
scoring_elements 0.963
published_at 2026-04-13T12:55:00Z
9
value 0.26234
scoring_system epss
scoring_elements 0.96309
published_at 2026-04-16T12:55:00Z
10
value 0.26234
scoring_system epss
scoring_elements 0.96313
published_at 2026-04-18T12:55:00Z
11
value 0.29056
scoring_system epss
scoring_elements 0.96593
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55184
2
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react
3
reference_url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T16:36:27Z/
url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421588
reference_id 2421588
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421588
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55184
reference_id CVE-2025-55184
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55184
6
reference_url https://www.facebook.com/security/advisories/cve-2025-55184
reference_id CVE-2025-55184
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T16:36:27Z/
url https://www.facebook.com/security/advisories/cve-2025-55184
7
reference_url https://github.com/advisories/GHSA-2m3v-v2m8-q956
reference_id GHSA-2m3v-v2m8-q956
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2m3v-v2m8-q956
8
reference_url https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956
reference_id GHSA-2m3v-v2m8-q956
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.2
purl pkg:npm/react-server-dom-turbopack@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-pbfy-s6g4-w7ex
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.2
1
url pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
purl pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
2
url pkg:npm/react-server-dom-turbopack@19.1.3
purl pkg:npm/react-server-dom-turbopack@19.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-pbfy-s6g4-w7ex
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.3
3
url pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
purl pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
4
url pkg:npm/react-server-dom-turbopack@19.2.2
purl pkg:npm/react-server-dom-turbopack@19.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-pbfy-s6g4-w7ex
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.2
5
url pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
purl pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
aliases CVE-2025-55184, GHSA-2m3v-v2m8-q956
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3r3-ykj4-3qbr
Fixing_vulnerabilities
0
url VCID-pqwe-3ukm-dkh4
vulnerability_id VCID-pqwe-3ukm-dkh4
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55182.json
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55182.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55182
reference_id
reference_type
scores
0
value 0.65077
scoring_system epss
scoring_elements 0.98465
published_at 2026-04-02T12:55:00Z
1
value 0.66271
scoring_system epss
scoring_elements 0.98525
published_at 2026-04-09T12:55:00Z
2
value 0.66271
scoring_system epss
scoring_elements 0.98519
published_at 2026-04-04T12:55:00Z
3
value 0.66271
scoring_system epss
scoring_elements 0.9852
published_at 2026-04-07T12:55:00Z
4
value 0.66271
scoring_system epss
scoring_elements 0.98523
published_at 2026-04-08T12:55:00Z
5
value 0.84483
scoring_system epss
scoring_elements 0.99334
published_at 2026-04-24T12:55:00Z
6
value 0.84483
scoring_system epss
scoring_elements 0.99332
published_at 2026-04-21T12:55:00Z
7
value 0.84891
scoring_system epss
scoring_elements 0.99348
published_at 2026-04-13T12:55:00Z
8
value 0.84891
scoring_system epss
scoring_elements 0.99346
published_at 2026-04-11T12:55:00Z
9
value 0.86904
scoring_system epss
scoring_elements 0.99434
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55182
2
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react
3
reference_url https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700
4
reference_url https://github.com/facebook/react/pull/35277
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/pull/35277
5
reference_url https://github.com/facebook/react/releases/tag/v19.0.1
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/releases/tag/v19.0.1
6
reference_url https://github.com/facebook/react/releases/tag/v19.1.2
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/releases/tag/v19.1.2
7
reference_url https://github.com/facebook/react/releases/tag/v19.2.1
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/releases/tag/v19.2.1
8
reference_url https://github.com/vercel/next.js
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/vercel/next.js
9
reference_url https://news.ycombinator.com/item?id=46136026
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://news.ycombinator.com/item?id=46136026
10
reference_url https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-12-06T04:55:43Z/
url https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
11
reference_url http://www.openwall.com/lists/oss-security/2025/12/03/4
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/12/03/4
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418613
reference_id 2418613
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418613
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52506.py
reference_id CVE-2025-55182
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52506.py
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55182
reference_id CVE-2025-55182
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55182
15
reference_url https://www.facebook.com/security/advisories/cve-2025-55182
reference_id CVE-2025-55182
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-12-06T04:55:43Z/
url https://www.facebook.com/security/advisories/cve-2025-55182
16
reference_url https://github.com/ejpir/CVE-2025-55182-poc
reference_id CVE-2025-55182-POC
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ejpir/CVE-2025-55182-poc
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66478
reference_id CVE-2025-66478
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-66478
18
reference_url https://github.com/advisories/GHSA-9qr9-h5gf-34mp
reference_id GHSA-9qr9-h5gf-34mp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9qr9-h5gf-34mp
19
reference_url https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
reference_id GHSA-9qr9-h5gf-34mp
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
20
reference_url https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp
reference_id GHSA-fmh4-wr37-44fp
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp
21
reference_url https://github.com/advisories/GHSA-fv66-9v8q-g76r
reference_id GHSA-fv66-9v8q-g76r
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fv66-9v8q-g76r
22
reference_url https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r
reference_id GHSA-fv66-9v8q-g76r
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.1
purl pkg:npm/react-server-dom-turbopack@19.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-hznz-envu-kfcq
2
vulnerability VCID-q3r3-ykj4-3qbr
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.1
1
url pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
purl pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.0-canary-029e8bd6-20250306
2
url pkg:npm/react-server-dom-turbopack@19.1.2
purl pkg:npm/react-server-dom-turbopack@19.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-hznz-envu-kfcq
2
vulnerability VCID-q3r3-ykj4-3qbr
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.2
3
url pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
purl pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.0-canary-0038c501-20250429
4
url pkg:npm/react-server-dom-turbopack@19.2.1
purl pkg:npm/react-server-dom-turbopack@19.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwdv-fw3h-dfce
1
vulnerability VCID-hznz-envu-kfcq
2
vulnerability VCID-q3r3-ykj4-3qbr
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.1
5
url pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
purl pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.3.0-canary-06fcc8f3-20251009
aliases CVE-2025-55182, CVE-2025-66478, GHSA-9qr9-h5gf-34mp, GHSA-fv66-9v8q-g76r
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqwe-3ukm-dkh4
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.1