Lookup for vulnerable packages by Package URL.

Purl pkg:npm/react-server-dom-turbopack@19.0.0
Type npm
Namespace
Name react-server-dom-turbopack
Version 19.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 19.0.1
Latest_non_vulnerable_version 19.2.4
Affected_by_vulnerabilities
0
url VCID-1vbs-dw4u-x3br
vulnerability_id VCID-1vbs-dw4u-x3br
summary
React Server Components have multiple Denial of Service Vulnerabilities
It was found that the fixes to address DoS in React Server Components were incomplete, and multiple denial of service vulnerabilities still exist in React Server Components.

We recommend updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 19.2.0, 19.2.1, 19.2.2, 19.2.3 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory exceptions or excessive CPU usage, depending on the vulnerable code path being exercised, the application configuration and application code.
references
0
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
url https://github.com/facebook/react
1
reference_url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
reference_id
reference_type
scores
url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23864
reference_id CVE-2026-23864
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-23864
3
reference_url https://www.facebook.com/security/advisories/cve-2026-23864
reference_id CVE-2026-23864
reference_type
scores
url https://www.facebook.com/security/advisories/cve-2026-23864
4
reference_url https://github.com/advisories/GHSA-83fc-fqcc-2hmg
reference_id GHSA-83fc-fqcc-2hmg
reference_type
scores
url https://github.com/advisories/GHSA-83fc-fqcc-2hmg
5
reference_url https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
reference_id GHSA-83fc-fqcc-2hmg
reference_type
scores
url https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.4
purl pkg:npm/react-server-dom-turbopack@19.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.4
1
url pkg:npm/react-server-dom-turbopack@19.1.5
purl pkg:npm/react-server-dom-turbopack@19.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.5
2
url pkg:npm/react-server-dom-turbopack@19.2.4
purl pkg:npm/react-server-dom-turbopack@19.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.4
aliases CVE-2026-23864, GHSA-83fc-fqcc-2hmg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vbs-dw4u-x3br
1
url VCID-a9qu-qnde-t7f3
vulnerability_id VCID-a9qu-qnde-t7f3
summary
Source Code Exposure Vulnerability in React Server Components
There is a source code exposure vulnerability in React Server Components.

React recommends updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

These issues are present in the patches published last week.
references
0
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
url https://github.com/facebook/react
1
reference_url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
reference_id
reference_type
scores
url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55183
reference_id CVE-2025-55183
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-55183
3
reference_url https://www.facebook.com/security/advisories/cve-2025-55183
reference_id CVE-2025-55183
reference_type
scores
url https://www.facebook.com/security/advisories/cve-2025-55183
4
reference_url https://github.com/advisories/GHSA-925w-6v3x-g4j4
reference_id GHSA-925w-6v3x-g4j4
reference_type
scores
url https://github.com/advisories/GHSA-925w-6v3x-g4j4
5
reference_url https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4
reference_id GHSA-925w-6v3x-g4j4
reference_type
scores
url https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.2
purl pkg:npm/react-server-dom-turbopack@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fyz5-x6zm-efg5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.2
1
url pkg:npm/react-server-dom-turbopack@19.1.3
purl pkg:npm/react-server-dom-turbopack@19.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fyz5-x6zm-efg5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.3
2
url pkg:npm/react-server-dom-turbopack@19.2.2
purl pkg:npm/react-server-dom-turbopack@19.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fyz5-x6zm-efg5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.2
aliases CVE-2025-55183, GHSA-925w-6v3x-g4j4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9qu-qnde-t7f3
2
url VCID-hc9w-hrbq-93c5
vulnerability_id VCID-hc9w-hrbq-93c5
summary
Denial of Service Vulnerability in React Server Components
There is a denial of service vulnerability in React Server Components.

React recommends updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

These issues are present in the patches published last week.
references
0
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
url https://github.com/facebook/react
1
reference_url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
reference_id
reference_type
scores
url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55184
reference_id CVE-2025-55184
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-55184
3
reference_url https://www.facebook.com/security/advisories/cve-2025-55184
reference_id CVE-2025-55184
reference_type
scores
url https://www.facebook.com/security/advisories/cve-2025-55184
4
reference_url https://github.com/advisories/GHSA-2m3v-v2m8-q956
reference_id GHSA-2m3v-v2m8-q956
reference_type
scores
url https://github.com/advisories/GHSA-2m3v-v2m8-q956
5
reference_url https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956
reference_id GHSA-2m3v-v2m8-q956
reference_type
scores
url https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.2
purl pkg:npm/react-server-dom-turbopack@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fyz5-x6zm-efg5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.2
1
url pkg:npm/react-server-dom-turbopack@19.1.3
purl pkg:npm/react-server-dom-turbopack@19.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fyz5-x6zm-efg5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.3
2
url pkg:npm/react-server-dom-turbopack@19.2.2
purl pkg:npm/react-server-dom-turbopack@19.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fyz5-x6zm-efg5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.2
aliases CVE-2025-55184, GHSA-2m3v-v2m8-q956
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hc9w-hrbq-93c5
3
url VCID-k1q6-b8t3-hqb6
vulnerability_id VCID-k1q6-b8t3-hqb6
summary
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
url https://github.com/facebook/react
1
reference_url https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700
reference_id
reference_type
scores
url https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700
2
reference_url https://github.com/facebook/react/pull/35277
reference_id
reference_type
scores
url https://github.com/facebook/react/pull/35277
3
reference_url https://github.com/facebook/react/releases/tag/v19.0.1
reference_id
reference_type
scores
url https://github.com/facebook/react/releases/tag/v19.0.1
4
reference_url https://github.com/facebook/react/releases/tag/v19.1.2
reference_id
reference_type
scores
url https://github.com/facebook/react/releases/tag/v19.1.2
5
reference_url https://github.com/facebook/react/releases/tag/v19.2.1
reference_id
reference_type
scores
url https://github.com/facebook/react/releases/tag/v19.2.1
6
reference_url https://github.com/vercel/next.js
reference_id
reference_type
scores
url https://github.com/vercel/next.js
7
reference_url https://news.ycombinator.com/item?id=46136026
reference_id
reference_type
scores
url https://news.ycombinator.com/item?id=46136026
8
reference_url https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
reference_id
reference_type
scores
url https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55182
reference_id CVE-2025-55182
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-55182
10
reference_url https://www.facebook.com/security/advisories/cve-2025-55182
reference_id CVE-2025-55182
reference_type
scores
url https://www.facebook.com/security/advisories/cve-2025-55182
11
reference_url https://github.com/ejpir/CVE-2025-55182-poc
reference_id CVE-2025-55182-POC
reference_type
scores
url https://github.com/ejpir/CVE-2025-55182-poc
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66478
reference_id CVE-2025-66478
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-66478
13
reference_url https://github.com/advisories/GHSA-9qr9-h5gf-34mp
reference_id GHSA-9qr9-h5gf-34mp
reference_type
scores
url https://github.com/advisories/GHSA-9qr9-h5gf-34mp
14
reference_url https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
reference_id GHSA-9qr9-h5gf-34mp
reference_type
scores
url https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
15
reference_url https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp
reference_id GHSA-fmh4-wr37-44fp
reference_type
scores
url https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp
16
reference_url https://github.com/advisories/GHSA-fv66-9v8q-g76r
reference_id GHSA-fv66-9v8q-g76r
reference_type
scores
url https://github.com/advisories/GHSA-fv66-9v8q-g76r
17
reference_url https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r
reference_id GHSA-fv66-9v8q-g76r
reference_type
scores
url https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.1
purl pkg:npm/react-server-dom-turbopack@19.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.1
1
url pkg:npm/react-server-dom-turbopack@19.1.2
purl pkg:npm/react-server-dom-turbopack@19.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.2
2
url pkg:npm/react-server-dom-turbopack@19.2.1
purl pkg:npm/react-server-dom-turbopack@19.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.1
aliases CVE-2025-55182, CVE-2025-66478, GHSA-9qr9-h5gf-34mp, GHSA-fv66-9v8q-g76r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1q6-b8t3-hqb6
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.0