cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon react-native-community

CVE-2025-13466 in version 18.0.1?

Open creekorful opened this issue 1 month ago • 0 comments

Hello,

This seems related to a new security advisory published yesterday.

# npm audit report

body-parser  <2.2.1
Severity: moderate
body-parser is vulnerable to denial of service when url encoding is used - https://github.com/advisories/GHSA-wqch-xfxh-vrr4
fix available via `npm audit fix --force`
Will install @react-native-community/[email protected], which is a breaking change
node_modules/body-parser
  @react-native-community/cli-server-api  >=17.0.0
  Depends on vulnerable versions of body-parser
  node_modules/@react-native-community/cli-server-api
    @react-native-community/cli  >=17.0.0
    Depends on vulnerable versions of @react-native-community/cli-server-api
    node_modules/@react-native-community/cli

3 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Regards

creekorful avatar Nov 25 '25 18:11 creekorful