Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/automation-platform-ui@2.6.6-1?arch=el9ap
Typerpm
Namespaceredhat
Nameautomation-platform-ui
Version2.6.6-1
Qualifiers
arch el9ap
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1khb-1639-afhf
vulnerability_id VCID-1khb-1639-afhf
summary 
React Router SSR XSS in ScrollRestoration
A XSS vulnerability exists in in React Router's `<ScrollRestoration>` API in [Framework Mode](https://reactrouter.com/start/modes#framework) when using the `getKey`/`storageKey` props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys.

> [!NOTE]
> This does not impact applications if developers have [disabled server-side rendering](https://reactrouter.com/how-to/spa) in Framework Mode, or if they are using [Declarative Mode](https://reactrouter.com/start/modes#declarative) (`<BrowserRouter>`) or [Data Mode](https://reactrouter.com/start/modes#data) (`createBrowserRouter`/`<RouterProvider>`).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21884.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21884.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21884
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04739
published_at 2026-04-29T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04546
published_at 2026-04-08T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04561
published_at 2026-04-09T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04549
published_at 2026-04-11T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04534
published_at 2026-04-12T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04518
published_at 2026-04-13T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04493
published_at 2026-04-16T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04502
published_at 2026-04-18T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04639
published_at 2026-04-21T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.0468
published_at 2026-04-24T12:55:00Z
10
value 0.00018
scoring_system epss
scoring_elements 0.04715
published_at 2026-04-26T12:55:00Z
11
value 0.00018
scoring_system epss
scoring_elements 0.04472
published_at 2026-04-02T12:55:00Z
12
value 0.00018
scoring_system epss
scoring_elements 0.04497
published_at 2026-04-04T12:55:00Z
13
value 0.00018
scoring_system epss
scoring_elements 0.04511
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21884
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/remix-run/react-router
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/remix-run/react-router
4
reference_url https://github.com/remix-run/react-router/security/advisories/GHSA-8v8x-cx79-35w7
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T04:55:52Z/
url https://github.com/remix-run/react-router/security/advisories/GHSA-8v8x-cx79-35w7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21884
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-21884
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428421
reference_id 2428421
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428421
7
reference_url https://github.com/advisories/GHSA-8v8x-cx79-35w7
reference_id GHSA-8v8x-cx79-35w7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8v8x-cx79-35w7
8
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
9
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
10
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
fixed_packages
aliases CVE-2026-21884, GHSA-8v8x-cx79-35w7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1khb-1639-afhf
1
url VCID-7nah-t7y2-zfcy
vulnerability_id VCID-7nah-t7y2-zfcy
summary 
React Router has XSS Vulnerability
A XSS vulnerability exists in in React Router's `meta()`/`<Meta>` APIs in [Framework Mode](https://reactrouter.com/start/modes#framework) when generating `script:ld+json` tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag.

> [!NOTE]
> This does not impact applications using [Declarative Mode](https://reactrouter.com/start/modes#declarative) (`<BrowserRouter>`) or [Data Mode](https://reactrouter.com/start/modes#data) (`createBrowserRouter`/`<RouterProvider>`).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59057.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59057.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59057
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05028
published_at 2026-04-29T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.04914
published_at 2026-04-09T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.04896
published_at 2026-04-11T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.04876
published_at 2026-04-12T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.04857
published_at 2026-04-13T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.04805
published_at 2026-04-16T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.04814
published_at 2026-04-18T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.04958
published_at 2026-04-21T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.04991
published_at 2026-04-24T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.05032
published_at 2026-04-26T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.04816
published_at 2026-04-02T12:55:00Z
11
value 0.00019
scoring_system epss
scoring_elements 0.04842
published_at 2026-04-04T12:55:00Z
12
value 0.00019
scoring_system epss
scoring_elements 0.04859
published_at 2026-04-07T12:55:00Z
13
value 0.00019
scoring_system epss
scoring_elements 0.04897
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59057
2
reference_url https://github.com/remix-run/react-router
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/remix-run/react-router
3
reference_url https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:12:33Z/
url https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59057
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59057
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428426
reference_id 2428426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428426
6
reference_url https://github.com/advisories/GHSA-3cgp-3xvw-98x8
reference_id GHSA-3cgp-3xvw-98x8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cgp-3xvw-98x8
7
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
8
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
9
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
fixed_packages
aliases CVE-2025-59057, GHSA-3cgp-3xvw-98x8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nah-t7y2-zfcy
2
url VCID-jsc5-qvjm-6kek
vulnerability_id VCID-jsc5-qvjm-6kek
summary 
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
### Impact

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. 

The issue permits deletion of properties but does not allow overwriting their original behavior.  

### Patches

This issue is patched on 4.17.23.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13465.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13465.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13465
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08322
published_at 2026-04-29T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08357
published_at 2026-04-26T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08391
published_at 2026-04-24T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.0826
published_at 2026-04-18T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08279
published_at 2026-04-16T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08387
published_at 2026-04-13T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08402
published_at 2026-04-12T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08421
published_at 2026-04-21T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.0843
published_at 2026-04-09T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08413
published_at 2026-04-08T12:55:00Z
10
value 0.00029
scoring_system epss
scoring_elements 0.08341
published_at 2026-04-07T12:55:00Z
11
value 0.00029
scoring_system epss
scoring_elements 0.08366
published_at 2026-04-02T12:55:00Z
12
value 0.00029
scoring_system epss
scoring_elements 0.08419
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13465
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13465
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
5
reference_url https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81
6
reference_url https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T19:43:10Z/
url https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13465
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13465
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126265
reference_id 1126265
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126265
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2431740
reference_id 2431740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2431740
10
reference_url https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
reference_id GHSA-xxjr-mmjv-4gpg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
11
reference_url https://access.redhat.com/errata/RHSA-2026:11414
reference_id RHSA-2026:11414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11414
12
reference_url https://access.redhat.com/errata/RHSA-2026:1845
reference_id RHSA-2026:1845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1845
13
reference_url https://access.redhat.com/errata/RHSA-2026:2078
reference_id RHSA-2026:2078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2078
14
reference_url https://access.redhat.com/errata/RHSA-2026:2119
reference_id RHSA-2026:2119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2119
15
reference_url https://access.redhat.com/errata/RHSA-2026:2145
reference_id RHSA-2026:2145
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2145
16
reference_url https://access.redhat.com/errata/RHSA-2026:2147
reference_id RHSA-2026:2147
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2147
17
reference_url https://access.redhat.com/errata/RHSA-2026:2148
reference_id RHSA-2026:2148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2148
18
reference_url https://access.redhat.com/errata/RHSA-2026:2149
reference_id RHSA-2026:2149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2149
19
reference_url https://access.redhat.com/errata/RHSA-2026:2438
reference_id RHSA-2026:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2438
20
reference_url https://access.redhat.com/errata/RHSA-2026:2452
reference_id RHSA-2026:2452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2452
21
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
22
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
23
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
24
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
25
reference_url https://access.redhat.com/errata/RHSA-2026:2651
reference_id RHSA-2026:2651
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2651
26
reference_url https://access.redhat.com/errata/RHSA-2026:2661
reference_id RHSA-2026:2661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2661
27
reference_url https://access.redhat.com/errata/RHSA-2026:2672
reference_id RHSA-2026:2672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2672
28
reference_url https://access.redhat.com/errata/RHSA-2026:2675
reference_id RHSA-2026:2675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2675
29
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
30
reference_url https://access.redhat.com/errata/RHSA-2026:2816
reference_id RHSA-2026:2816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2816
31
reference_url https://access.redhat.com/errata/RHSA-2026:2817
reference_id RHSA-2026:2817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2817
32
reference_url https://access.redhat.com/errata/RHSA-2026:2818
reference_id RHSA-2026:2818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2818
33
reference_url https://access.redhat.com/errata/RHSA-2026:2819
reference_id RHSA-2026:2819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2819
34
reference_url https://access.redhat.com/errata/RHSA-2026:2900
reference_id RHSA-2026:2900
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2900
35
reference_url https://access.redhat.com/errata/RHSA-2026:2926
reference_id RHSA-2026:2926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2926
36
reference_url https://access.redhat.com/errata/RHSA-2026:2984
reference_id RHSA-2026:2984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2984
37
reference_url https://access.redhat.com/errata/RHSA-2026:2990
reference_id RHSA-2026:2990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2990
38
reference_url https://access.redhat.com/errata/RHSA-2026:3087
reference_id RHSA-2026:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3087
39
reference_url https://access.redhat.com/errata/RHSA-2026:3422
reference_id RHSA-2026:3422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3422
40
reference_url https://access.redhat.com/errata/RHSA-2026:3710
reference_id RHSA-2026:3710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3710
41
reference_url https://access.redhat.com/errata/RHSA-2026:3712
reference_id RHSA-2026:3712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3712
42
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
43
reference_url https://access.redhat.com/errata/RHSA-2026:3825
reference_id RHSA-2026:3825
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3825
44
reference_url https://access.redhat.com/errata/RHSA-2026:3869
reference_id RHSA-2026:3869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3869
45
reference_url https://access.redhat.com/errata/RHSA-2026:3870
reference_id RHSA-2026:3870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3870
46
reference_url https://access.redhat.com/errata/RHSA-2026:3874
reference_id RHSA-2026:3874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3874
47
reference_url https://access.redhat.com/errata/RHSA-2026:3884
reference_id RHSA-2026:3884
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3884
48
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
49
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
50
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
51
reference_url https://access.redhat.com/errata/RHSA-2026:4423
reference_id RHSA-2026:4423
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4423
52
reference_url https://access.redhat.com/errata/RHSA-2026:4466
reference_id RHSA-2026:4466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4466
53
reference_url https://access.redhat.com/errata/RHSA-2026:4467
reference_id RHSA-2026:4467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4467
54
reference_url https://access.redhat.com/errata/RHSA-2026:4630
reference_id RHSA-2026:4630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4630
55
reference_url https://access.redhat.com/errata/RHSA-2026:4782
reference_id RHSA-2026:4782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4782
56
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
57
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
58
reference_url https://access.redhat.com/errata/RHSA-2026:6288
reference_id RHSA-2026:6288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6288
59
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
60
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
61
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
62
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
63
reference_url https://access.redhat.com/errata/RHSA-2026:9848
reference_id RHSA-2026:9848
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9848
fixed_packages
aliases CVE-2025-13465, GHSA-xxjr-mmjv-4gpg
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jsc5-qvjm-6kek
3
url VCID-y2ce-z8tu-y7e5
vulnerability_id VCID-y2ce-z8tu-y7e5
summary 
React Router vulnerable to XSS via Open Redirects
React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in [Framework Mode](https://reactrouter.com/start/modes#framework), [Data Mode](https://reactrouter.com/start/modes#data), or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if developers are creating redirect paths from untrusted content or via an open redirect.

> [!NOTE]
> This does not impact applications that use [Declarative Mode](https://reactrouter.com/start/modes#declarative) (`<BrowserRouter>`).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22029.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22029.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22029
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03459
published_at 2026-04-29T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03416
published_at 2026-04-26T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03411
published_at 2026-04-24T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03426
published_at 2026-04-21T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04417
published_at 2026-04-04T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04391
published_at 2026-04-02T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04428
published_at 2026-04-07T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.0446
published_at 2026-04-08T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04476
published_at 2026-04-09T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04469
published_at 2026-04-11T12:55:00Z
10
value 0.00018
scoring_system epss
scoring_elements 0.04454
published_at 2026-04-12T12:55:00Z
11
value 0.00018
scoring_system epss
scoring_elements 0.04437
published_at 2026-04-13T12:55:00Z
12
value 0.00018
scoring_system epss
scoring_elements 0.04405
published_at 2026-04-16T12:55:00Z
13
value 0.00018
scoring_system epss
scoring_elements 0.04414
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22029
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/remix-run/react-router
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/remix-run/react-router
4
reference_url https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T18:10:20Z/
url https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22029
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22029
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428412
reference_id 2428412
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428412
7
reference_url https://github.com/advisories/GHSA-2w69-qvjg-hvjx
reference_id GHSA-2w69-qvjg-hvjx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2w69-qvjg-hvjx
8
reference_url https://access.redhat.com/errata/RHSA-2026:1517
reference_id RHSA-2026:1517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1517
9
reference_url https://access.redhat.com/errata/RHSA-2026:2147
reference_id RHSA-2026:2147
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2147
10
reference_url https://access.redhat.com/errata/RHSA-2026:2148
reference_id RHSA-2026:2148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2148
11
reference_url https://access.redhat.com/errata/RHSA-2026:2149
reference_id RHSA-2026:2149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2149
12
reference_url https://access.redhat.com/errata/RHSA-2026:2350
reference_id RHSA-2026:2350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2350
13
reference_url https://access.redhat.com/errata/RHSA-2026:2456
reference_id RHSA-2026:2456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2456
14
reference_url https://access.redhat.com/errata/RHSA-2026:2568
reference_id RHSA-2026:2568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2568
15
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
16
reference_url https://access.redhat.com/errata/RHSA-2026:3087
reference_id RHSA-2026:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3087
17
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
18
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
19
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
20
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
21
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
22
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
23
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
24
reference_url https://access.redhat.com/errata/RHSA-2026:9848
reference_id RHSA-2026:9848
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9848
fixed_packages
aliases CVE-2026-22029, GHSA-2w69-qvjg-hvjx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2ce-z8tu-y7e5
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-platform-ui@2.6.6-1%3Farch=el9ap