
Conversation

@bottarocarlo

Added CVE-2025-55182 as an alias to the GitHub Security Advisory GHSA-9qr9-h5gf-34mp to link the upstream React Server Components vulnerability with the downstream Next.js App Router advisory. This ensures vulnerability tracking tools and audits can reference both identifiers consistently.

Copilot AI review requested due to automatic review settings December 9, 2025 20:01
@github-actions github-actions bot changed the base branch from main to bottarocarlo/advisory-improvement-6524 December 9, 2025 20:02

Copilot AI left a comment


Pull request overview

This PR adds CVE-2025-55182 as an alias to GitHub Security Advisory GHSA-9qr9-h5gf-34mp, which tracks a critical Remote Code Execution vulnerability in Next.js's React flight protocol. The CVE was already referenced in the advisory's details and references sections, and this change properly includes it in the structured aliases array for improved vulnerability tracking and cross-referencing.

Key Changes:

  • Added CVE-2025-55182 to the aliases array in the advisory JSON schema


@bottarocarlo
Author

Hi @shelbyc, I saw your comment #6496 (comment). The missing CVE is causing some false negatives in various vulnerability scanning tools. As an alternative, should we add next and reactjs to GHSA-fv66-9v8q-g76r?
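The review above notes that the CVE was already present in the advisory's details and references but not in the structured aliases array, and the author's reply says that gap produced false negatives in scanners. The Python below is an added example, not code from this PR or from the advisory database: it lints an advisory for CVE ids that appear in prose or reference URLs but are absent from `aliases`, adds the alias idempotently, and shows why a scanner that indexes advisories by id and alias cannot find the entry by CVE until the alias is in place. The advisory object is a constructed sample carrying only the fields the example needs; its details text, reference URL and affected package are assumptions, not the real advisory's content.

```python
import json
import re
from typing import Dict, List

# Constructed sample in the OSV/GHSA JSON shape. Only the fields used below are
# present; the text, URL and affected package are assumptions for illustration,
# not the real content of GHSA-9qr9-h5gf-34mp.
ADVISORY_BEFORE: Dict = {
    "id": "GHSA-9qr9-h5gf-34mp",
    "aliases": [],
    "details": "Tracks the upstream issue identified as CVE-2025-55182.",
    "references": [
        {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55182"},
    ],
    "affected": [{"package": {"ecosystem": "npm", "name": "next"}}],
}

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def mentioned_cves(advisory: Dict) -> List[str]:
    """CVE ids that occur anywhere in the details text or reference URLs."""
    text = advisory.get("details", "") + " " + " ".join(
        ref.get("url", "") for ref in advisory.get("references", [])
    )
    return sorted(set(CVE_RE.findall(text)))


def unlisted_cves(advisory: Dict) -> List[str]:
    """CVEs the advisory talks about but does not list in its aliases array.

    This is the lint check for the exact situation the PR fixes: a CVE present
    in prose/references yet invisible to tools that only read `aliases`.
    """
    aliases = advisory.get("aliases", [])
    return [cve for cve in mentioned_cves(advisory) if cve not in aliases]


def add_alias(advisory: Dict, alias: str) -> Dict:
    """Return a deep copy with `alias` appended to `aliases`; idempotent."""
    updated = json.loads(json.dumps(advisory))
    aliases = updated.setdefault("aliases", [])
    if alias not in aliases:
        aliases.append(alias)
    return updated


def build_index(advisories: List[Dict]) -> Dict[str, List[str]]:
    """Map every primary id and every alias to the advisory ids it names.

    Mirrors how a scanner resolves an identifier from an SBOM or audit report:
    an identifier that is in neither field simply does not resolve.
    """
    index: Dict[str, List[str]] = {}
    for adv in advisories:
        for key in [adv["id"], *adv.get("aliases", [])]:
            index.setdefault(key, []).append(adv["id"])
    return index


def lookup(index: Dict[str, List[str]], identifier: str) -> List[str]:
    """Advisory ids reachable from `identifier`; empty list means a miss."""
    return index.get(identifier, [])


if __name__ == "__main__":
    print("unlisted before:", unlisted_cves(ADVISORY_BEFORE))
    before = build_index([ADVISORY_BEFORE])
    print("lookup by CVE before:", lookup(before, "CVE-2025-55182"))

    fixed = add_alias(ADVISORY_BEFORE, "CVE-2025-55182")
    print("unlisted after:", unlisted_cves(fixed))
    after = build_index([fixed])
    print("lookup by CVE after:", lookup(after, "CVE-2025-55182"))
```

Run over a directory of advisory JSON files, `unlisted_cves` flags every entry whose prose names a CVE its `aliases` array omits; that is the check a maintainer would add to CI so the mismatch the reviewer spotted here does not recur. Matching on the `CVE-` pattern in free text is deliberately permissive, so treat hits as candidates to confirm rather than aliases to add blindly.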
