Shopify Remix-run/react — known CVE vulnerabilities
Every CVE whose affected-product data names Shopify Remix-run/react, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-21884 — CVSS 8.2 (high): React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability…
CVE-2026-22029 — CVSS 8.0 (high): React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and…
CVE-2025-59057 — CVSS 7.6 (high): React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a…
CVE-2026-22030 — CVSS 6.5 (medium): React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React…