Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-cpqf-f22c-r95x: Vite Plugin React has a Denial of Service Vulnerability in React Server Components

Impact

@vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository’s advisory https://github.com/facebook/react/security/advisories/GHSA-7gmr-mq3h-m5h9

Patches

Upgrade immediately to @vitejs/plugin-rsc@0.5.7 or later.

ghsa
Open in Source
#vulnerability#web#dos#nodejs#js#git#intel

Skip to content

Navigation Menu

    • AI CODE CREATION

      • GitHub CopilotWrite better code with AI

      • GitHub SparkBuild and deploy intelligent apps

      • GitHub ModelsManage and compare prompts

      • MCP RegistryNewIntegrate external tools

View all features
  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-cpqf-f22c-r95x

Vite Plugin React has a Denial of Service Vulnerability in React Server Components

High severity GitHub Reviewed Published Dec 12, 2025 in vitejs/vite-plugin-react • Updated Dec 12, 2025

Package

npm @vitejs/plugin-rsc (npm)

Affected versions

<= 0.5.6

Description

Impact

@vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository’s advisory GHSA-7gmr-mq3h-m5h9

Patches

Upgrade immediately to @vitejs/plugin-rsc@0.5.7 or later.

References

  • GHSA-cpqf-f22c-r95x

Published to the GitHub Advisory Database

Dec 12, 2025

Last updated

Dec 12, 2025

EPSS score

ghsa: Latest News

GHSA-55jh-84jv-8mx8: Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule
ghsa