All projects

Security context

What an agent needs to avoid regressing past fixes — and find the next bug in this project.

Next.js
vercel/next.js

The React framework for the web.

npm · next
55
Advisories
47
CVEs
Critical
Peak severity
55
With fix diff

Distribution

By severity

Critical
2
High
22
Medium
23
Low
8

By weakness class

Other
18
Denial of Service
13
Cross-site Scripting
4
Auth / Access Control
4
Improper Validation
4
SSRF
3
Path Traversal
3
Deserialization
2
Open Redirect
2
CSRF
1

Every fixed vulnerability (55)

High22 fixed
HighNext.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up2mo agoHighNext.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components2mo agoHighNext.js vulnerable to server-side request forgery in applications using WebSocket upgrades2mo agoHighNext.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes2mo agoHighNext.js has a Middleware / Proxy bypass through dynamic route parameter injection2mo agoHighNext.js has a Middleware / Proxy bypass in Pages Router applications using i18n2mo agoHighNext.js Vulnerable to Denial of Service with Server Components2mo agoHighNext.js has a Denial of Service with Server Components3mo agoHighNext.js HTTP request deserialization can lead to DoS when using insecure React Server Components5mo agoHighNext has a Denial of Service with Server Components - Incomplete Fix Follow-Up7mo agoHighNext Vulnerable to Denial of Service with Server Components7mo agoHighNext.JS vulnerability can lead to DoS via cache poisoning 1y agoHighNext.js authorization bypass vulnerability1y agoHighNext.js Cache Poisoning1y agoHighNext.js Denial of Service (DoS) condition2y agoHighNext.js Server-Side Request Forgery in Server Actions2y agoHighNext.js Vulnerable to HTTP Request Smuggling2y agoHighUnexpected server crash in Next.js.4y agoHighXSS in Image Optimization API for Next.js4y agoHighRemote Code Execution in next5y agoHighDirectory traversal vulnerability in Next.js8y agoHighNext.js Directory Traversal Vulnerability8y ago
Medium23 fixed
MediumNext.js vulnerable to cross-site scripting in App Router applications using CSP nonces2mo agoMediumNext.js has cross-site scripting in beforeInteractive scripts with untrusted input2mo agoMediumNext.js has a Denial of Service in the Image Optimization API2mo agoMediumNext.js vulnerable to cache poisoning in React Server Component responses2mo agoMediumNext.js: HTTP request smuggling in rewrites4mo agoMediumNext.js: Unbounded next/image disk cache growth can exhaust storage4mo agoMediumNext.js: Unbounded postponed resume buffering can lead to DoS4mo agoMediumNext.js: null origin can bypass Server Actions CSRF checks4mo agoMediumNext.js has Unbounded Memory Consumption via PPR Resume Endpoint 5mo agoMediumNext.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration5mo agoMediumNext Server Actions Source Code Exposure 7mo agoMediumNext.js Affected by Cache Key Confusion for Image Optimization API Routes10mo agoMediumNext.js Content Injection Vulnerability for Image Optimization10mo agoMediumNext.js Improper Middleware Redirect Handling Leads to SSRF10mo agoMediumNext.js Allows a Denial of Service (DoS) with Server Actions1y agoMediumDenial of Service condition in Next.js image optimization1y agoMediumUnexpected server crash in Next.js3y agoMediumImproper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.04y agoMediumDenial of Service Vulnerability in next.js4y agoMediumOpen Redirect in Next.js4y agoMediumOpen Redirect in Next.js versions5y agoMediumDirectory Traversal in Next.js6y agoMediumNext.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page7y ago