npm package
react-server-dom-parcel
pkg:npm/react-server-dom-parcel
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23870 | High | 7.5 | | >= 19.0.0, < 19.0.6 | 19.0.6 | May 6, 2026 | A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-serv |
| CVE-2026-23869 | High | 7.5 | | >= 19.0.0, < 19.0.5 | 19.0.5 | Apr 8, 2026 | A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerab |
| CVE-2026-23864 | — | | | >= 19.0.0, < 19.0.4 | 19.0.4 | Jan 26, 2026 | Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Fu |
| CVE-2025-67779 | — | | | >= 19.0.2, < 19.0.3 | 19.0.3 | Dec 11, 2025 | It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads f |
| CVE-2025-55184 | — | | | >= 19.0.0, < 19.0.2 | 19.0.2 | Dec 11, 2025 | A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulne |
| CVE-2025-55183 | — | | | >= 19.0.0, < 19.0.2 | 19.0.2 | Dec 11, 2025 | An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A |
| CVE-2025-55182 | — | | KEV | >= 19.0.0, < 19.0.1 | 19.0.1 | Dec 3, 2025 | A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely |