Security Vulnerability: CVE-2025-27789 in rc-mentions@^2.19.1 (via @babel/runtime@^7.22.5)

Hello,

I would like to report a security vulnerability (CVE-2025-27789) found in rc-mentions@^2.19.1, which depends on @babel/runtime@^7.22.5.

Issue Details:
Affected Package: rc-mentions@^2.19.1
Vulnerable Dependency: @babel/runtime@^7.22.5
CVE: [CVE-2025-27789](https://github.com/react-component/mentions/issues/new#) (Add a reference link if available)
Impact: (Describe the risk—e.g., "This vulnerability may allow XSS attacks or remote code execution.")
Suggested Fix:
Upgrade @babel/runtime to a secure version if available.
If rc-mentions has a newer release that addresses this issue, please consider upgrading.
Could you confirm if there is a planned fix for this issue? Thank you.

Best regards,

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Vulnerability: CVE-2025-27789 in rc-mentions@^2.19.1 (via @babel/runtime@^7.22.5) #292

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Vulnerability: CVE-2025-27789 in rc-mentions@^2.19.1 (via @babel/runtime@^7.22.5) #292

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions