Facebook React
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Facebook React.
EOL Dates
Ensure that you are using a supported version of Facebook React. Here are some end of life, and end of support dates for Facebook React.
| Release | EOL Date | Status |
|---|---|---|
| 19 | - |
Active
|
| 18.3 | - |
Active
|
| 18.2 | - |
Active
|
| 18.1 | - |
Active
|
| 18 | - |
Active
|
| 17 | - |
Active
|
| 16 | - |
Active
|
| 15 | - |
Active
|
By the Year
In 2025 there have been 0 vulnerabilities in Facebook React. React did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.10 |
It may take a day or so for new React vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Facebook React Security Vulnerabilities
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time
CVE-2018-6341
6.1 - Medium
- December 31, 2018
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Facebook React or by Facebook? Click the Watch button to subscribe.
