next.js — Vulnerabilities & Security Advisories (29)

All 29 CVE vulnerabilities found in next.js, with AI-generated Chinese analysis, references, and POCs.

Vendor: vercel

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-29057 | Next.js: HTTP request smuggling in rewrites | CWE-444 | 9.1 | - | 2026-03-18 |
| CVE-2026-27980 | Next.js: Unbounded next/image disk cache growth can exhaust storage | CWE-400 | 6.5 | - | 2026-03-18 |
| CVE-2026-27979 | Next.js: Unbounded postponed resume buffering can lead to DoS | CWE-770 | 5.4 | - | 2026-03-18 |
| CVE-2026-27978 | Next.js: null origin can bypass Server Actions CSRF checks | CWE-352 | 8.8 | - | 2026-03-17 |
| CVE-2026-27977 | Next.js: null origin can bypass dev HMR websocket CSRF checks | CWE-1385 | 7.1 | - | 2026-03-17 |
| CVE-2025-13984 | Next.js - Critical - Access bypass - SA-CONTRIB-2025-122 | CWE-942 | 6.1 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2025-57752 | Next.js Affected by Cache Key Confusion for Image Optimization API Routes | CWE-524 | 6.2 | Medium | 2025-08-29 |
| CVE-2025-55173 | Next.js Content Injection Vulnerability for Image Optimization | CWE-20 | 4.3 | Medium | 2025-08-29 |
| CVE-2025-57822 | Next.js Improper Middleware Redirect Handling Leads to SSRF | CWE-918 | 6.5 | Medium | 2025-08-29 |
| CVE-2025-49826 | Next.js DoS vulnerability via cache poisoning | CWE-444 | 7.5 | High | 2025-07-03 |
| CVE-2025-49005 | Next.js cache poisoning due to omission of Vary header | CWE-444 | 3.7 | Low | 2025-07-03 |
| CVE-2025-48068 | Information exposure in Next.js dev server due to lack of origin verification | CWE-1385 | 2.5 (AI) | Low (AI) | 2025-05-30 |
| CVE-2025-32421 | Next.js Race Condition to Cache Poisoning | CWE-362 | 3.7 | Low | 2025-05-14 |
| CVE-2025-30218 | Next.js may leak x-middleware-subrequest-id to external hosts | CWE-200 | 7.5 (AI) | High (AI) | 2025-04-02 |
| CVE-2025-29927 | Authorization Bypass in Next.js Middleware | CWE-285 | 9.1 | Critical | 2025-03-21 |
| CVE-2024-56332 | Next.js Vulnerable to Denial of Service (DoS) with Server Actions | CWE-770 | 5.3 | Medium | 2025-01-03 |
| CVE-2024-51479 | Authorization bypass in Next.js | CWE-285 | 7.5 | High | 2024-12-17 |
| CVE-2024-47831 | Next.js image optimization has Denial of Service condition | CWE-674 | 5.9 | Medium | 2024-10-14 |
| CVE-2024-46982 | Cache Poisoning in next.js | CWE-639 | 7.5 | High | 2024-09-17 |
| CVE-2024-39693 | Next.js Denial of Service (DoS) condition | CWE-400 | 7.5 | High | 2024-07-10 |
| CVE-2024-34351 | Next.js Server-Side Request Forgery in Server Actions | CWE-918 | 7.5 | High | 2024-05-09 |
| CVE-2024-34350 | Next.js Vulnerable to HTTP Request Smuggling | CWE-444 | 7.5 | High | 2024-05-09 |
| CVE-2022-36046 | Unexpected server crash in Next.js version 12.2.3 | CWE-248 | 5.3 | Medium | 2022-08-31 |
| CVE-2022-23646 | Improper CSP in Image Optimization API for Next.js | CWE-451 | 5.9 | Medium | 2022-02-17 |
| CVE-2021-43803 | Unexpected server crash in Next.js | CWE-20 | 7.5 | High | 2021-12-09 |
| CVE-2021-39178 | XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0 | CWE-79 | 7.5 | High | 2021-08-30 |
| CVE-2021-37699 | Open Redirect in Next.js versions below 11.1.0 | CWE-601 | 6.9 | Medium | 2021-08-11 |
| CVE-2020-15242 | Open Redirect in Next.js | CWE-601 | 4.7 | Medium | 2020-10-08 |
| CVE-2020-5284 | Directory Traversal in Next.js versions below 9.3.2 | CWE-23 | 4.4 | Medium | 2020-03-30 |

All 29 known CVE vulnerabilities affecting next.js with full Chinese analysis, references, and POCs where available.