GHSA-vr6p-vq2p-6j74: Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Withdrawn Advisory
This advisory has been withdrawn: LikeC4 isn't impacted by CVE-2025-55182 because it doesn't ship React. React is a peer dependency.
Original Description
LikeC4 uses React and Next.js, which contain known RCE vulnerabilities, as seen in CVE-2025-55182.
References
- github.com/advisories/GHSA-vr6p-vq2p-6j74
- github.com/github/advisory-database/pull/6561
- github.com/likec4/likec4
- github.com/likec4/likec4/security/advisories/GHSA-vr6p-vq2p-6j74
- nvd.nist.gov/vuln/detail/CVE-2025-55182
- react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components