React SPA security posture
Review linked rules in the directory and use Composer to export guardrails for your IDE. Detailed posture metrics will appear here as the catalog grows.
2 linked rules in the directory.
Top risks for this stack
00 critical06 high
React Router vulnerable to Denial of Service via reflected user input in single-fetchHIGH
Jun 2026
No rule coverage yet — consider contributing a rule.
Allocation of Resources Without Limits or Throttling in AxiosHIGH
Jun 2026
No rule coverage yet — consider contributing a rule.
React Router vulnerable to DoS via unbounded path expansion in __manifest endpointHIGH
Jun 2026
No rule coverage yet — consider contributing a rule.
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCEHIGH
Jun 2026
No rule coverage yet — consider contributing a rule.
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretationMEDIUM
Jun 2026
No rule coverage yet — consider contributing a rule.
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targetsHIGH
Jun 2026
No rule coverage yet — consider contributing a rule.
React Router has stored XSS via unescaped Location header in prerendered redirect HTMLMEDIUM
Jun 2026
No rule coverage yet — consider contributing a rule.
axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`HIGH
May 2026
Rule coverage exists — verify in Composer export.