Remix-Run React vulnerabilities
2 known vulnerabilities affecting remix-run/react.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2026-21884P3HIGH≥ 0, < 2.17.32026-01-08
CVE-2026-21884 [HIGH] CWE-79 React Router SSR XSS in ScrollRestoration
React Router SSR XSS in ScrollRestoration
A XSS vulnerability exists in in React Router's `` API in [Framework Mode](https://reactrouter.com/start/modes#framework) when using the `getKey`/`storageKey` props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys.
> [!NOTE]
> This does not impact applications if developers have [disabled serve
ghsaosv
CVE-2025-59057P3HIGH≥ 1.15.0, < 2.17.12026-01-08
CVE-2025-59057 [HIGH] CWE-79 React Router has XSS Vulnerability
React Router has XSS Vulnerability
A XSS vulnerability exists in in React Router's `meta()`/`` APIs in [Framework Mode](https://reactrouter.com/start/modes#framework) when generating `script:ld+json` tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag.
> [!NOTE]
> This does not impact applications using [Declarative Mode](https://reactrouter.com/start/modes#declarative)
ghsaosv