Original Proof-of-Concepts for React2Shell CVE-2025-55182
-
Updated
Dec 5, 2025 - JavaScript
#
react2shell
Here are 25 public repositories matching this topic...
React2Shell Auto Exploit: A CLI tool to exploit prototype pollution vulnerabilities (RCE) in React Server Actions
react cli exploit reactjs scanner nextjs rce next exploit-kit exploit-development rce-exploit server-components rce-scanner rce-testing react2shell react-rce react-exploit
-
Updated
Dec 6, 2025 - Python
Security scanner for CVE-2025-55182 - Critical RCE vulnerability in React Server Components. Scan npm/pnpm/yarn lockfiles, Docker images, SBOMs, and live URLs. Auto-fix, SARIF output, GitHub Actions, Vercel integration, and runtime protection middleware.
-
Updated
Dec 7, 2025 - TypeScript
Docker poc lab for CVE-2025-55182 detection and exploitation
react docker proof-of-concept nextjs docker-image lab poc vulnerability cve cve-2025-55182 react2shell
-
Updated
Dec 5, 2025 - JavaScript
react2shell-scanner is a security research tool designed to detect and demonstrate potentially dangerous patterns in React-based codebases that could lead to command injection, unsafe environment handling, insecure API usage, or other high-impact vulnerabilities.
-
Updated
Dec 8, 2025 - Python
rsc-detect-cve-2025-55182 is a static analysis tool designed to detect potential indicators of CVE-2025-55182
-
Updated
Dec 8, 2025 - Python
Step-by-step walkthrough of CVE-2025-55182 (React2Shell) by tracing React's Flight protocol internals.
-
Updated
Dec 8, 2025
Nuclei template for detecting react2shell (CVE-2025-55182 & CVE-2025-66478)
-
Updated
Dec 4, 2025
chrome extension to detect next.js sites vulnerable to CVE-2025-55182 (react2shell)
-
Updated
Dec 6, 2025 - TypeScript
React2Shell, CVE-2025-55182, RCE Vulnerability: A critical breakdown of the unsafe deserialization flaw in React Server Components that enables unauthenticated remote code execution across default React/Next.js setups.
-
Updated
Dec 6, 2025
CVE-2025-55182 – React2Shell: Proof-of-Concept Remote Code Execution (RCE) exploit for Next.js apps. Features an interactive shell prompt to test and demonstrate the vulnerability in real time. Use for security research and authorized penetration-testing only.
-
Updated
Dec 7, 2025 - Python
React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack, contain a remote code execution vulnerability.
-
Updated
Dec 6, 2025
This repository contains a POC of CVE-2025-55182, a critical (CVSS score 10.0) pre-authentication remote code execution vulnerability affecting React Server Components, also known as React2Shell.
-
Updated
Dec 6, 2025 - TypeScript
Advanced security testing tool for CVE-2025-55182 vulnerability assessment in Next.js applications. Features interactive shell, batch scanning, WAF bypass, and comprehensive reporting.
-
Updated
Dec 6, 2025 - Python
A test server for demonstrating and testing React2Shell (CVE-2025-55182) vulnerability
-
Updated
Dec 6, 2025 - TypeScript
A Chrome extension for detecting React2Shell vulnerabilities (CVE-2025-55182 & CVE-2025-66478) in web applications
-
Updated
Dec 8, 2025 - TypeScript
PoC for React2Shell (CVE-2025-55182)
-
Updated
Dec 7, 2025 - Python
CVE-2025-55182 + CVE-2025-66478 - Next.js/React Server Components Remote Code Execution
-
Updated
Dec 8, 2025 - Python
Torito React2Shell Scanner & Exploit Tool (CVE-2025-55182 / 66478)
-
Updated
Dec 7, 2025 - Python
Detect CVE-2025-55182 (React2Shell) RCE vulnerability in React Server Components. Fast, accurate scanner with zero false positives.
-
Updated
Dec 8, 2025 - Shell
Improve this page
Add a description, image, and links to the react2shell topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the react2shell topic, visit your repo's landing page and select "manage topics."