Share
## https://sploitus.com/exploit?id=A126184D-683D-5C69-B891-C22DFC386A82
### Output Example

```
๐Ÿš€ Starting the CVE-2025-55182 full access scanner... ๐Ÿ” Accessing all repositories accessible via the Token... ๐Ÿ“„ Scanned page 3 of 137 repositories.

๐Ÿ“‹ Summary of scans:
Total repositories: 137
Private repositories: 67
Projects with package.json: 72
Projects using React: 26
Projects using Next.js: 24
โŒ Projects containing CVE-2025-55182: 12

๐Ÿ‘ฅ By owner:
๐Ÿ‘ค xiaoxiunique: 130 repositories (67 scanned, 67 private)
 10 vulnerabilities found
๐Ÿข unify-procotol: 4 repositories (4 scanned, 0 private)
 2 vulnerabilities found

๐Ÿšจ Projects containing CVE-2025-55182:

โŒ xiaoxiunique/1k-github-stars (public)
 Owner: xiaoxiunique (User)
 React version: ^19 โš ๏ธ
 Next.js version: 15.1.0 โš ๏ธ
 fixed versions!
```

### Explanation of results

- โœ… **Secure projects** โ€“ Using secure React versions or non-React projects

- โŒ **Vulnerability Projects** โ€“ Projects using affected React versions 19.x
- ๐Ÿ”’ **Private Repositories** โ€“ Repositories accessible only to Token holders
- ๐ŸŒ **Public Repositories** โ€“ Repositories visible to all GitHub users

## Fix Suggestions

### Immediate Actions

1. **Stop using** the development servers with affected versions.
2. **Check whether** the production environment has deployed affected versions.
3. **Focus on fixing** the public repositories and online services first.

### Upgrade Commands

```bash
# For React 19.0.0
npm install react@19.0.1 react-dom@19.0.1

# For React 19.1.0/19.1.1
npm install react@19.1.2 react-dom@19.1.2

# For React 19.2.0
npm install react@19.2.1 react-dom@19.2.1

# Use yarn
yarn upgrade react@19.0.1 react-dom@19.0.1

# Use pnpm
pnpm update react@19.0.1 react-dom@19.0.1
```

### Verification of Fixes

```bash
npm audit
# Or
yarn audit
```

## Technical Implementation

### Scan Logic

1. **Repository Acquisition** โ€“ Obtain all repositories accessible via GitHub API using a Token.
2. **Smart Filtering** โ€“ Identify frontend projects that may contain React.
3. **Dependency Analysis** โ€“ Parse React and Next.js versions in `package.json`.
4. **Vulnerability Detection** โ€“ Match exact affected version ranges.
5. **Result Aggregation** โ€“ Group results by owner and type.

### Version Detection

```typescript
// Affected version ranges
const vulnerableRanges = [
 { start: '19.0.0', end: '19.0.0' },
 { start: '19.1.0', end: '19.1.1' },
 { start: '19.2.0', end: '19.2.0' }
];
```

### Security Considerations

- โœ… Tokens are used only in memory; not stored persistently.
- โœ… Real-time API validation ensures Token validity.
- โœ… Rate limiting protection prevents API abuse.
- โœ… Error handling is robust; sensitive information is not leaked.

## Configuration Options

### Environment Variables

```bash
# Optional: Set API request delay (in milliseconds)
export SCAN_DELAY=1000

# Optional: Set concurrent batch size
export BATCH_SIZE=10
```

### Custom Configurations

You can modify the following parameters in the script:

```typescript
const perPage = 100; // Number of repositories per page
const batchSize = 10; // Batch size
const delay = 1000; // Request delay
```

## Troubleshooting

### Common Issues

**Q: Token authentication failed**
```
A: Check if the Token is valid and if you have sufficient permissions.
```

**Q: Organization repositories inaccessible**
```
A: Fine-grained Tokens may not access organization repositories. Use Classic Tokens instead.
```

**Q: API rate limit**
```
A: Wait a few minutes and try again, or reduce the number of concurrent requests.
```

**Q: Some repositories failed to be scanned**
```
A: This is normal; perhaps the repository does not have a `package.json` file or there is a network issue.
```

### Debug Mode

```bash
# Enable detailed logs
DEBUG=true bun scan-all-accessible-repos.ts YOUR_TOKEN
```

## Contributions

Feel free to submit Issues and Pull Requests to improve this tool! ### Development Environment Setup

```bash
# Install dependencies
bun install

# Run tests
bun test

# Code inspection
bun run lint
```

## License

MIT License โ€“ See the [LICENSE](LICENSE) file for details.

## Disclaimer

This tool is used solely for security testing and educational purposes. Please use it responsibly; do not use it for unauthorized scanning activities. ## Update Log

### v1.0.0
- โœ… Initial version release
- โœ… CVE-2025-55182 vulnerability detection
- โœ… Full repository scanning feature
- โœ… Detailed statistical reports

---

**๐Ÿ›ก๏ธ Stay safe and scan regularly!**

If you have any questions or suggestions, please create an [Issue](../../issues) or contact the maintainers.

[source-iocs-preserved url=https://bun.sh/,https://github.com/settings/tokens,https://github.com/settings/tokens?type=beta,https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components,https://vercel.com/changelog/cve-2025-55182 const=YOUR_GITHUB_TOKEN]