Here's what shocked us:
🔴 XSS - content of user-uploaded files reflected into responses without sanitization
🔴 Code injection via eval() - attacker-influenced input reaches eval(), so arbitrary code execution is possible
🔴 Missing authentication on POST endpoints - state-changing requests accepted without verifying the caller
🔴 Path traversal - unvalidated file paths let an attacker write outside the intended directory and overwrite system files
🔴 Secrets exposed to the client - environment variables containing secrets bundled into client-side code
This is not some unknown side project.
This is the framework your entire frontend probably runs on.
We are not saying React is broken.
We are saying that no codebase is perfect.
Not even the ones you trust the most.
That's exactly why code scanning exists.
Not to blame. Not to scare.
But to know.
Because the earlier you find it, the cheaper it is to fix.
Full React scan report → https://tryrelia.com/sample-project/relia_YXTRmhC9X-ZezgsV519NDApgYO6LzQdu91oCF_BowpnmzH9TLlgxlYQwKz35BaJ8