rwsdk

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting rwsdkpage 1 of 1

CVE-2026-39371HIGHCVSS 8.1EG 8.1✓ Fixed in 1.0.6
2026-04-07
RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this…
CVE-2026-42190MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.2.3
2026-05-08
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browse…

Check whether rwsdk is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for rwsdk CVEs against the assets you own.

Start Free Scan →