Facebook React 19.0.0
Approved changes feed: RSS · Atom
cpe:2.3:a:facebook:react:19.0.0:*:*:*:*:*:*:*
part: a version: 19.0.0 update: *
| Vendor | Facebook (c319c35a-3469-5baa-b3bd-8582d1206a92) |
|---|---|
| Product | React (3c2f939b-1242-5074-ad26-c0e9ad15122a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/facebook/react |
purl2cpe | 2026-06-01 10:11:42.907862 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-55182 |
vulnerable | 2026-06-03 15:04:57.844598 |
Details available
CRITICAL (10)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Published: 2025-12-03T15:40:56.894Z
Updated: 2026-02-26T16:57:36.794Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.