Share
## https://sploitus.com/exploit?id=CFA12C46-3A28-506C-980C-43D86FC1062C
# ๐Ÿ›ก๏ธ GitHub Vulnerability Scanner for CVE-2025-55182 (React/Next.js RCE)

This Python script is designed to scan all your public and private GitHub repositories for dependencies that are potentially vulnerable to **CVE-2025-55182** (a critical Remote Code Execution affecting specific versions of React Server Components and Next.js).

The script authenticates using a Personal Access Token (PAT), iterates through your repositories, checks the `package.json` file for vulnerable major versions, and generates a clean Markdown report.

## ๐Ÿ“ Prerequisites

1.  **Python:** Ensure you have Python (3.6 or newer) installed on your system.
2.  **Dependencies:** You need the `requests` and `packaging` libraries.

    ```bash
    pip install requests packaging
    ```

## โš™๏ธ Setup and Usage

### 1. Download the Script

Save the provided Python code as `scan.py`.

### 2. Generate a GitHub Personal Access Token (PAT)

**IMPORTANT: Do not share your token with anyone.** The script requires a PAT to access your private repositories.

#### **Steps to Generate the PAT:**

1.  **Go to Developer Settings:**
    * Log in to your [GitHub account](https://github.com).
    * Click your **Profile Picture** in the top-right corner.
    * Select **Settings** from the dropdown menu.
    * Scroll down the left-hand sidebar and click **Developer settings**.
2.  **Create a New Token (Classic):**
    * In the left sidebar, click **Personal access tokens**.
    * Select **Tokens (classic)**.
    * Click **Generate new token** and choose **Generate new token (classic)**.
3.  **Configure Permissions:**
    * **Note:** Give it a clear name (e.g., `CVE-2025-55182-Scan`).
    * **Expiration:** Set a short expiration (e.g., 7 days or less).
    * **Select Scopes:** Check the box labeled **`repo`** (Full control of private repositories). This is necessary to read the contents of `package.json` in all your repos.
4.  **Copy the Token:**
    * Click **Generate token**.
    * **IMMEDIATELY COPY** the resulting token string. It will only be shown once.

### 3. Run the Script

Execute the script from your terminal:

```bash
python scan.py