npm package
@remix-run/react
pkg:npm/%40remix-run/react
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21884 | — | < 2.17.3 | 2.17.3 | Jan 10, 2026 | React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering wh | ||
| CVE-2025-59057 | — | >= 1.15.0, < 2.17.1 | 2.17.1 | Jan 10, 2026 | React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta()/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitr |
- CVE-2026-21884Jan 10, 2026affected < 2.17.3fixed 2.17.3
React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering wh
- CVE-2025-59057Jan 10, 2026affected >= 1.15.0, < 2.17.1fixed 2.17.1
React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta()/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitr