VulnerableCode Package Details - pkg:npm/react-server-dom-parcel@19.0.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-pbfy-s6g4-w7ex Aliases: CVE-2025-67779 GHSA-7gmr-mq3h-m5h9	Denial of Service Vulnerability in React Server Components It was found that the fix to address [CVE-2025-55184](https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) - [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) - [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme) These issues are present in the patches published on December 11th, 2025.	19.0.3 Affected by 0 other vulnerabilities. 19.1.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 19.2.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-pbfy-s6g4-w7ex
Aliases:
CVE-2025-67779
GHSA-7gmr-mq3h-m5h9

Denial of Service Vulnerability in React Server Components It was found that the fix to address [CVE-2025-55184](https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) - [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) - [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme) These issues are present in the patches published on December 11th, 2025.

19.0.3
Affected by 0 other vulnerabilities.

19.1.4
Affected by 1 other vulnerability.

19.2.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:07:21.139650+00:00	GHSA Importer	Affected by	VCID-pbfy-s6g4-w7ex	https://github.com/advisories/GHSA-7gmr-mq3h-m5h9	38.0.0
2026-04-01T16:07:20.216055+00:00	GHSA Importer	Fixing	VCID-q3r3-ykj4-3qbr	https://github.com/advisories/GHSA-2m3v-v2m8-q956	38.0.0
2026-04-01T16:07:20.036246+00:00	GHSA Importer	Fixing	VCID-hznz-envu-kfcq	https://github.com/advisories/GHSA-925w-6v3x-g4j4	38.0.0
2026-04-01T12:55:31.241500+00:00	GithubOSV Importer	Fixing	VCID-q3r3-ykj4-3qbr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2m3v-v2m8-q956/GHSA-2m3v-v2m8-q956.json	38.0.0
2026-04-01T12:55:28.576326+00:00	GithubOSV Importer	Fixing	VCID-hznz-envu-kfcq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-925w-6v3x-g4j4/GHSA-925w-6v3x-g4j4.json	38.0.0
2026-04-01T12:53:31.433027+00:00	GitLab Importer	Affected by	VCID-pbfy-s6g4-w7ex	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/react-server-dom-parcel/CVE-2025-67779.yml	38.0.0
2026-04-01T12:53:30.929555+00:00	GitLab Importer	Fixing	VCID-q3r3-ykj4-3qbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/react-server-dom-parcel/CVE-2025-55184.yml	38.0.0
2026-04-01T12:53:30.569735+00:00	GitLab Importer	Fixing	VCID-hznz-envu-kfcq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/react-server-dom-parcel/CVE-2025-55183.yml	38.0.0