Back to list

React/Next.js serialization vulnerabilities expose TypeScript runtime risks

9/10 Critical

Critical security vulnerabilities like React2Shell (CVE-2025-55182, CVSS 10.0) in Next.js RSC serialization revealed that full-stack JavaScript and TypeScript lack secure serialization models. These runtime CVEs forced developers to reassess security assumptions in TypeScript/React stacks.

TypeScriptReactNext.js
Category
security
Workaround
solid
Stage
deploy
Freshness
worsening
Scope
framework
Upstream
open
Recurring
Yes
Buyer Type
enterprise
Maintainer
active

Sources

Collection History

Query: “What are the most common pain points with TypeScript in 2025?3/27/2026

React2Shell RCE (CVE-2025-55182), a CVSS 10.0 vulnerability forcing a reevaluation of security models governing full-stack JavaScript... RSC serialization, while Angular's XSS and other runtime CVEs kept security upgrades at the top of 2025's backlog.

Created: 3/27/2026Updated: 3/27/2026