By vendor
Turbo-Stream vulnerabilities
Known CVEs affecting Turbo-Stream products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-34077HIGH 7.5
React Router versions 7.7.0 through 7.13.1 contain a client-side Cross-Site Scripting (XSS) vulnerability when using the unstable React Server Components (RSC) APIs. If an application accepts redirect parameters from untrusted sources and processes them through React Router's RSC redirect handling, an attacker could inject malicious scripts that execute in users' browsers. The vulnerability does not affect applications that do not use the unstable RSC APIs. Shopify's React Router package released patch version 7.13.2 to address this issue.