Search for packages
| purl | pkg:npm/%40remix-run/router@1.0.4-pre.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-y2ce-z8tu-y7e5
Aliases: CVE-2026-22029 GHSA-2w69-qvjg-hvjx |
React Router vulnerable to XSS via Open Redirects React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in [Framework Mode](https://reactrouter.com/start/modes#framework), [Data Mode](https://reactrouter.com/start/modes#data), or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if developers are creating redirect paths from untrusted content or via an open redirect. > [!NOTE] > This does not impact applications that use [Declarative Mode](https://reactrouter.com/start/modes#declarative) (`<BrowserRouter>`). |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-29T22:49:07.733164+00:00 | GitLab Importer | Affected by | VCID-y2ce-z8tu-y7e5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/router/CVE-2026-22029.yml | 38.5.0 |
| 2026-04-17T00:06:32.246985+00:00 | GitLab Importer | Affected by | VCID-y2ce-z8tu-y7e5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/router/CVE-2026-22029.yml | 38.4.0 |
| 2026-04-12T01:29:53.867129+00:00 | GitLab Importer | Affected by | VCID-y2ce-z8tu-y7e5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/router/CVE-2026-22029.yml | 38.3.0 |
| 2026-04-03T01:38:39.398695+00:00 | GitLab Importer | Affected by | VCID-y2ce-z8tu-y7e5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@remix-run/router/CVE-2026-22029.yml | 38.1.0 |