Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/react-server-dom-webpack@19.2.0

Type npm

Namespace

Name react-server-dom-webpack

Version 19.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 19.2.5

Latest_non_vulnerable_version 19.3.0-canary-06fcc8f3-20251009

Affected_by_vulnerabilities

url VCID-1vbs-dw4u-x3br

vulnerability_id VCID-1vbs-dw4u-x3br

summary

React Server Components have multiple Denial of Service Vulnerabilities
It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components.

We recommend updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 19.2.0, 19.2.1, 19.2.2, 19.2.3 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory exceptions or excessive CPU usage; depending on the vulnerable code path being exercised, the application configuration and application code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23864.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23864.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23864

reference_id

reference_type

scores

value	0.0198
scoring_system	epss
scoring_elements	0.8392
published_at	2026-06-06T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83917
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23864

reference_url

https://github.com/facebook/react

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react

reference_url

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2433059
reference_id	2433059
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2433059

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-23864

reference_id

CVE-2026-23864

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-23864

reference_url

https://www.facebook.com/security/advisories/cve-2026-23864

reference_id

CVE-2026-23864

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:26:03Z/

url

https://www.facebook.com/security/advisories/cve-2026-23864

reference_url

https://github.com/advisories/GHSA-83fc-fqcc-2hmg

reference_id

GHSA-83fc-fqcc-2hmg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-83fc-fqcc-2hmg

reference_url

https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg

reference_id

GHSA-83fc-fqcc-2hmg

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg

reference_url	https://access.redhat.com/errata/RHSA-2026:13571
reference_id	RHSA-2026:13571
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13571

fixed_packages

url pkg:npm/react-server-dom-webpack@19.2.4

purl pkg:npm/react-server-dom-webpack@19.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rqq3-xbes-x7ga

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.2.4

aliases CVE-2026-23864, GHSA-83fc-fqcc-2hmg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vbs-dw4u-x3br

url VCID-a9qu-qnde-t7f3

vulnerability_id VCID-a9qu-qnde-t7f3

summary

Source Code Exposure Vulnerability in React Server Components
There is a source code exposure vulnerability in React Server Components.

React recommends updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

These issues are present in the patches published last week.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55183.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55183.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55183

reference_id

reference_type

scores

value	0.26306
scoring_system	epss
scoring_elements	0.96416
published_at	2026-06-06T12:55:00Z

value	0.26306
scoring_system	epss
scoring_elements	0.96412
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55183

reference_url

https://github.com/facebook/react

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react

reference_url

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-07T16:24:47Z/

url

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2421590
reference_id	2421590
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2421590

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55183

reference_id

CVE-2025-55183

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55183

reference_url

https://www.facebook.com/security/advisories/cve-2025-55183

reference_id

CVE-2025-55183

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-07T16:24:47Z/

url

https://www.facebook.com/security/advisories/cve-2025-55183

reference_url

https://github.com/advisories/GHSA-925w-6v3x-g4j4

reference_id

GHSA-925w-6v3x-g4j4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-925w-6v3x-g4j4

reference_url

https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4

reference_id

GHSA-925w-6v3x-g4j4

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4

fixed_packages

url pkg:npm/react-server-dom-webpack@19.2.2

purl pkg:npm/react-server-dom-webpack@19.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vbs-dw4u-x3br

vulnerability	VCID-fyz5-x6zm-efg5

vulnerability	VCID-rqq3-xbes-x7ga

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.2.2

url	pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009
purl	pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009

aliases CVE-2025-55183, GHSA-925w-6v3x-g4j4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9qu-qnde-t7f3

url VCID-hc9w-hrbq-93c5

vulnerability_id VCID-hc9w-hrbq-93c5

summary

Denial of Service Vulnerability in React Server Components
There is a denial of service vulnerability in React Server Components.

React recommends updating immediately.

The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of:

- [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack)
- [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel)
- [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme)

These issues are present in the patches published last week.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55184.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55184.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55184

reference_id

reference_type

scores

value	0.41239
scoring_system	epss
scoring_elements	0.97477
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55184

reference_url

https://github.com/facebook/react

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react

reference_url

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T16:36:27Z/

url

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2421588
reference_id	2421588
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2421588

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55184

reference_id

CVE-2025-55184

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55184

reference_url

https://www.facebook.com/security/advisories/cve-2025-55184

reference_id

CVE-2025-55184

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-15T16:36:27Z/

url

https://www.facebook.com/security/advisories/cve-2025-55184

reference_url

https://github.com/advisories/GHSA-2m3v-v2m8-q956

reference_id

GHSA-2m3v-v2m8-q956

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2m3v-v2m8-q956

reference_url

https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956

reference_id

GHSA-2m3v-v2m8-q956

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956

fixed_packages

url pkg:npm/react-server-dom-webpack@19.2.2

purl pkg:npm/react-server-dom-webpack@19.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vbs-dw4u-x3br

vulnerability	VCID-fyz5-x6zm-efg5

vulnerability	VCID-rqq3-xbes-x7ga

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.2.2

url	pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009
purl	pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009

aliases CVE-2025-55184, GHSA-2m3v-v2m8-q956

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hc9w-hrbq-93c5

url VCID-k1q6-b8t3-hqb6

vulnerability_id VCID-k1q6-b8t3-hqb6

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55182.json

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55182.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55182

reference_id

reference_type

scores

value	0.84489
scoring_system	epss
scoring_elements	0.99345
published_at	2026-06-06T12:55:00Z

value	0.84541
scoring_system	epss
scoring_elements	0.99347
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55182

reference_url

https://github.com/facebook/react

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react

reference_url

https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700

reference_url

https://github.com/facebook/react/pull/35277

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/pull/35277

reference_url

https://github.com/facebook/react/releases/tag/v19.0.1

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/releases/tag/v19.0.1

reference_url

https://github.com/facebook/react/releases/tag/v19.1.2

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/releases/tag/v19.1.2

reference_url

https://github.com/facebook/react/releases/tag/v19.2.1

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/releases/tag/v19.2.1

reference_url

https://github.com/vercel/next.js

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/vercel/next.js

reference_url

https://news.ycombinator.com/item?id=46136026

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://news.ycombinator.com/item?id=46136026

reference_url

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-12-06T04:55:43Z/

url

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

reference_url

http://www.openwall.com/lists/oss-security/2025/12/03/4

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/12/03/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2418613
reference_id	2418613
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2418613

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52506.py
reference_id	CVE-2025-55182
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52506.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55182

reference_id

CVE-2025-55182

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55182

reference_url

https://www.facebook.com/security/advisories/cve-2025-55182

reference_id

CVE-2025-55182

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-12-06T04:55:43Z/

url

https://www.facebook.com/security/advisories/cve-2025-55182

reference_url

https://github.com/ejpir/CVE-2025-55182-poc

reference_id

CVE-2025-55182-POC

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ejpir/CVE-2025-55182-poc

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2025-66478
reference_id	CVE-2025-66478
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2025-66478

reference_url

https://github.com/advisories/GHSA-9qr9-h5gf-34mp

reference_id

GHSA-9qr9-h5gf-34mp

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9qr9-h5gf-34mp

reference_url

https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp

reference_id

GHSA-9qr9-h5gf-34mp

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp

reference_url

https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp

reference_id

GHSA-fmh4-wr37-44fp

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-fmh4-wr37-44fp

reference_url

https://github.com/advisories/GHSA-fv66-9v8q-g76r

reference_id

GHSA-fv66-9v8q-g76r

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fv66-9v8q-g76r

reference_url

https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r

reference_id

GHSA-fv66-9v8q-g76r

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r

fixed_packages

url pkg:npm/react-server-dom-webpack@19.2.1

purl pkg:npm/react-server-dom-webpack@19.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vbs-dw4u-x3br

vulnerability	VCID-a9qu-qnde-t7f3

vulnerability	VCID-hc9w-hrbq-93c5

vulnerability	VCID-rqq3-xbes-x7ga

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.2.1

url	pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009
purl	pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.3.0-canary-06fcc8f3-20251009

aliases CVE-2025-55182, CVE-2025-66478, GHSA-9qr9-h5gf-34mp, GHSA-fv66-9v8q-g76r

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1q6-b8t3-hqb6

url VCID-rqq3-xbes-x7ga

vulnerability_id VCID-rqq3-xbes-x7ga

summary react-server-dom-parcel: react-server-dom-turbopack: react-server-dom-webpack: denial of service via specially crafted HTTP requests to Server Function endpoints

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23869.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23869.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23869

reference_id

reference_type

scores

value	0.00841
scoring_system	epss
scoring_elements	0.75113
published_at	2026-06-06T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.7511
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23869

reference_url

https://github.com/facebook/react

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/facebook/react

reference_url

https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T19:55:33Z/

url

https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-23869

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-23869

reference_url

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2456663
reference_id	2456663
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2456663

reference_url	https://github.com/advisories/GHSA-479c-33wc-g2pg
reference_id	GHSA-479c-33wc-g2pg
reference_type
scores
url	https://github.com/advisories/GHSA-479c-33wc-g2pg

fixed_packages

url	pkg:npm/react-server-dom-webpack@19.2.5
purl	pkg:npm/react-server-dom-webpack@19.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.2.5

aliases CVE-2026-23869, GHSA-479c-33wc-g2pg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqq3-xbes-x7ga

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-webpack@19.2.0

Package Instance