## https://sploitus.com/exploit?id=A126184D-683D-5C69-B891-C22DFC386A82
### Output Example
```
๐ Starting the CVE-2025-55182 full access scanner... ๐ Accessing all repositories accessible via the Token... ๐ Scanned page 3 of 137 repositories.
๐ Summary of scans:
Total repositories: 137
Private repositories: 67
Projects with package.json: 72
Projects using React: 26
Projects using Next.js: 24
โ Projects containing CVE-2025-55182: 12
๐ฅ By owner:
๐ค xiaoxiunique: 130 repositories (67 scanned, 67 private)
10 vulnerabilities found
๐ข unify-procotol: 4 repositories (4 scanned, 0 private)
2 vulnerabilities found
๐จ Projects containing CVE-2025-55182:
โ xiaoxiunique/1k-github-stars (public)
Owner: xiaoxiunique (User)
React version: ^19 โ ๏ธ
Next.js version: 15.1.0 โ ๏ธ
fixed versions!
```
### Explanation of results
- โ **Secure projects** โ Using secure React versions or non-React projects
- โ **Vulnerability Projects** โ Projects using affected React versions 19.x
- ๐ **Private Repositories** โ Repositories accessible only to Token holders
- ๐ **Public Repositories** โ Repositories visible to all GitHub users
## Fix Suggestions
### Immediate Actions
1. **Stop using** the development servers with affected versions.
2. **Check whether** the production environment has deployed affected versions.
3. **Focus on fixing** the public repositories and online services first.
### Upgrade Commands
```bash
# For React 19.0.0
npm install react@19.0.1 react-dom@19.0.1
# For React 19.1.0/19.1.1
npm install react@19.1.2 react-dom@19.1.2
# For React 19.2.0
npm install react@19.2.1 react-dom@19.2.1
# Use yarn
yarn upgrade react@19.0.1 react-dom@19.0.1
# Use pnpm
pnpm update react@19.0.1 react-dom@19.0.1
```
### Verification of Fixes
```bash
npm audit
# Or
yarn audit
```
## Technical Implementation
### Scan Logic
1. **Repository Acquisition** โ Obtain all repositories accessible via GitHub API using a Token.
2. **Smart Filtering** โ Identify frontend projects that may contain React.
3. **Dependency Analysis** โ Parse React and Next.js versions in `package.json`.
4. **Vulnerability Detection** โ Match exact affected version ranges.
5. **Result Aggregation** โ Group results by owner and type.
### Version Detection
```typescript
// Affected version ranges
const vulnerableRanges = [
{ start: '19.0.0', end: '19.0.0' },
{ start: '19.1.0', end: '19.1.1' },
{ start: '19.2.0', end: '19.2.0' }
];
```
### Security Considerations
- โ Tokens are used only in memory; not stored persistently.
- โ Real-time API validation ensures Token validity.
- โ Rate limiting protection prevents API abuse.
- โ Error handling is robust; sensitive information is not leaked.
## Configuration Options
### Environment Variables
```bash
# Optional: Set API request delay (in milliseconds)
export SCAN_DELAY=1000
# Optional: Set concurrent batch size
export BATCH_SIZE=10
```
### Custom Configurations
You can modify the following parameters in the script:
```typescript
const perPage = 100; // Number of repositories per page
const batchSize = 10; // Batch size
const delay = 1000; // Request delay
```
## Troubleshooting
### Common Issues
**Q: Token authentication failed**
```
A: Check if the Token is valid and if you have sufficient permissions.
```
**Q: Organization repositories inaccessible**
```
A: Fine-grained Tokens may not access organization repositories. Use Classic Tokens instead.
```
**Q: API rate limit**
```
A: Wait a few minutes and try again, or reduce the number of concurrent requests.
```
**Q: Some repositories failed to be scanned**
```
A: This is normal; perhaps the repository does not have a `package.json` file or there is a network issue.
```
### Debug Mode
```bash
# Enable detailed logs
DEBUG=true bun scan-all-accessible-repos.ts YOUR_TOKEN
```
## Contributions
Feel free to submit Issues and Pull Requests to improve this tool! ### Development Environment Setup
```bash
# Install dependencies
bun install
# Run tests
bun test
# Code inspection
bun run lint
```
## License
MIT License โ See the [LICENSE](LICENSE) file for details.
## Disclaimer
This tool is used solely for security testing and educational purposes. Please use it responsibly; do not use it for unauthorized scanning activities. ## Update Log
### v1.0.0
- โ Initial version release
- โ CVE-2025-55182 vulnerability detection
- โ Full repository scanning feature
- โ Detailed statistical reports
---
**๐ก๏ธ Stay safe and scan regularly!**
If you have any questions or suggestions, please create an [Issue](../../issues) or contact the maintainers.
[source-iocs-preserved url=https://bun.sh/,https://github.com/settings/tokens,https://github.com/settings/tokens?type=beta,https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components,https://vercel.com/changelog/cve-2025-55182 const=YOUR_GITHUB_TOKEN]