JavaScript is a high-level, interpreted programming language essential for creating interactive web applications, running directly in web browsers to enable dynamic content and user interface enhancements. It is integral to the web development stack, working seamlessly with HTML and CSS to build responsive and feature-rich websites.

JavaScript

### Withdrawn Advisory
This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency.
### Original Description
LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182.
[2025-12-15] Edit: the last fixes published by React were not thorough, a new set of fix releases completes the mitigation; see https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-22787	HIGH	8.7	JavaScript	html2pdf.js	No	Yes	Jan 14, 2026
CVE-2026-22820	MEDIUM	6.3	JavaScript	outray	No	Yes	Jan 14, 2026
CVE-2026-22819	MEDIUM	5.9	JavaScript	outray	No	Yes	Jan 14, 2026
CVE-2026-22036	LOW	3.7	JavaScript	node-undici	No	Yes	Jan 14, 2026
GHSA-73rr-hh4g-fpgx	LOW	N/A	JavaScript	diff	No	Yes	Jan 14, 2026

GHSA-vr6p-vq2p-6j74:
JavaScript vulnerability analysis and mitigation

Withdrawn Advisory

Original Description

10

Related JavaScript vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

GHSA-vr6p-vq2p-6j74: JavaScript vulnerability analysis and mitigation