VulnerableCode Package Details - pkg:npm/%40remix-run/react@0.0.0-nightly-960815c2f-20250327

Search for packages

Vulnerability	Summary	Fixed by
VCID-1khb-1639-afhf Aliases: CVE-2026-21884 GHSA-8v8x-cx79-35w7	React Router SSR XSS in ScrollRestoration A XSS vulnerability exists in in React Router's `<ScrollRestoration>` API in [Framework Mode](https://reactrouter.com/start/modes#framework) when using the `getKey`/`storageKey` props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. > [!NOTE] > This does not impact applications if developers have [disabled server-side rendering](https://reactrouter.com/how-to/spa) in Framework Mode, or if they are using [Declarative Mode](https://reactrouter.com/start/modes#declarative) (`<BrowserRouter>`) or [Data Mode](https://reactrouter.com/start/modes#data) (`createBrowserRouter`/`<RouterProvider>`).	2.17.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1khb-1639-afhf
Aliases:
CVE-2026-21884
GHSA-8v8x-cx79-35w7

React Router SSR XSS in ScrollRestoration A XSS vulnerability exists in in React Router's `<ScrollRestoration>` API in [Framework Mode](https://reactrouter.com/start/modes#framework) when using the `getKey`/`storageKey` props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. > [!NOTE] > This does not impact applications if developers have [disabled server-side rendering](https://reactrouter.com/how-to/spa) in Framework Mode, or if they are using [Declarative Mode](https://reactrouter.com/start/modes#declarative) (`<BrowserRouter>`) or [Data Mode](https://reactrouter.com/start/modes#data) (`createBrowserRouter`/`<RouterProvider>`).

2.17.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-06T15:52:11.073460+00:00	GitLab Importer	Affected by	VCID-1khb-1639-afhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/react/CVE-2026-21884.yml	38.6.0
2026-04-29T22:49:36.331032+00:00	GitLab Importer	Affected by	VCID-1khb-1639-afhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/react/CVE-2026-21884.yml	38.5.0
2026-04-17T00:06:59.592681+00:00	GitLab Importer	Affected by	VCID-1khb-1639-afhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/react/CVE-2026-21884.yml	38.4.0
2026-04-12T01:30:24.534763+00:00	GitLab Importer	Affected by	VCID-1khb-1639-afhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/react/CVE-2026-21884.yml	38.3.0
2026-04-03T01:39:13.098647+00:00	GitLab Importer	Affected by	VCID-1khb-1639-afhf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/react/CVE-2026-21884.yml	38.1.0