@vitejs/plugin-rsc

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting @vitejs/plugin-rscpage 1 of 1

CVE-2025-67489CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.5.6
2025-12-09
@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadSer…
CVE-2025-68155HIGHCVSS 7.5EG 7.5✓ Fixed in 0.5.8
2025-12-16
@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in `@vitejs/plugin-rsc` allows unauthenticated arbitrary file read during development mode. An a…

Check whether @vitejs/plugin-rsc is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for @vitejs/plugin-rsc CVEs against the assets you own.

Start Free Scan →