## https://sploitus.com/exploit?id=CFA12C46-3A28-506C-980C-43D86FC1062C
# ๐ก๏ธ GitHub Vulnerability Scanner for CVE-2025-55182 (React/Next.js RCE)
This Python script is designed to scan all your public and private GitHub repositories for dependencies that are potentially vulnerable to **CVE-2025-55182** (a critical Remote Code Execution affecting specific versions of React Server Components and Next.js).
The script authenticates using a Personal Access Token (PAT), iterates through your repositories, checks the `package.json` file for vulnerable major versions, and generates a clean Markdown report.
## ๐ Prerequisites
1. **Python:** Ensure you have Python (3.6 or newer) installed on your system.
2. **Dependencies:** You need the `requests` and `packaging` libraries.
```bash
pip install requests packaging
```
## โ๏ธ Setup and Usage
### 1. Download the Script
Save the provided Python code as `scan.py`.
### 2. Generate a GitHub Personal Access Token (PAT)
**IMPORTANT: Do not share your token with anyone.** The script requires a PAT to access your private repositories.
#### **Steps to Generate the PAT:**
1. **Go to Developer Settings:**
* Log in to your [GitHub account](https://github.com).
* Click your **Profile Picture** in the top-right corner.
* Select **Settings** from the dropdown menu.
* Scroll down the left-hand sidebar and click **Developer settings**.
2. **Create a New Token (Classic):**
* In the left sidebar, click **Personal access tokens**.
* Select **Tokens (classic)**.
* Click **Generate new token** and choose **Generate new token (classic)**.
3. **Configure Permissions:**
* **Note:** Give it a clear name (e.g., `CVE-2025-55182-Scan`).
* **Expiration:** Set a short expiration (e.g., 7 days or less).
* **Select Scopes:** Check the box labeled **`repo`** (Full control of private repositories). This is necessary to read the contents of `package.json` in all your repos.
4. **Copy the Token:**
* Click **Generate token**.
* **IMMEDIATELY COPY** the resulting token string. It will only be shown once.
### 3. Run the Script
Execute the script from your terminal:
```bash
python scan.py