Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

remix-run — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting remix-run. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Remix-run is a web framework for building modern, server-rendered web applications with a focus on performance and developer experience. Historically, it has been associated with vulnerabilities like cross-site scripting (XSS) due to improper input handling and server-side request forgery (SSRF) from inadequate URL validation. While no major security incidents have been widely documented, the 9 CVEs on record highlight recurring issues in template rendering and route handling. The framework's emphasis on server-first architecture reduces certain client-side risks but requires careful implementation to prevent common web vulnerabilities like XSS and SSRF.

Found 9 results / 9Clear Filters
Top products by remix-run: react-router
CVE IDTitleCVSSSeverityPublished
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing — react-routerCWE-346 6.5 Medium2026-01-10
CVE-2026-22029 React Router vulnerable to XSS via Open Redirects — react-routerCWE-79 8.0 High2026-01-10
CVE-2026-21884 React Router SSR XSS in ScrollRestoration — react-routerCWE-79 8.2 High2026-01-10
CVE-2025-61686 React Router has Path Traversal in File Session Storage — react-routerCWE-22 9.1 Critical2026-01-10
CVE-2025-59057 React Router has XSS Vulnerability — react-routerCWE-79 7.6 High2026-01-10
CVE-2025-68470 React Router has unexpected external redirect via untrusted paths — react-routerCWE-601 6.5 Medium2026-01-10
CVE-2025-43865 React Router allows pre-render data spoofing on React-Router framework mode — react-routerCWE-345 8.2 High2025-04-25
CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode — react-routerCWE-755 7.5 High2025-04-25
CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers — react-routerCWE-444 5.3 -2025-04-01

This page lists every published CVE security advisory associated with remix-run. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.