Version 18.3.1
react
The library for web and native user interfaces.
Install Instructions
npm install react
Current Version Release Date April 26, 2024
Language JavaScript/TypeScript
Package URL (purl) pkg:npm/react@18.3.1
Find react
vulnerabilities in your supply chain.
react Vulnerabilities
Sort by
CVE (Latest)
CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
---|---|---|---|---|---|
CVE-2018-6341 | Medium 6.1 | CWE-79 | 0.00085 | 0.37381 |
|
CVE-2013-7035 | Unknown | CWE-79 | None | None |
|
react Vulnerability Remediation Guidance
CVE | Description | Full list of Impacted Versions | Fix |
---|---|---|---|
CVE-2018-6341 | React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. | 16.3.1, 16.4.0, 16.2.0, 16.1.0, 16.1.1, 16.3.0, 16.4.1, 16.3.2 (Show all) | Minor → 16.4.0-alpha.3174632 |
CVE-2013-7035 | None | 0.5.0, 0.5.1 | Patch → 0.5.2 |
Instantly see if these react
vulnerabilities affect your code.