Vercel — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting Vercel. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-29057 | Next.js: HTTP request smuggling in rewrites | next.js | CWE-444 | 9.1 | - | 2026-03-18 |
| CVE-2026-27980 | Next.js: Unbounded next/image disk cache growth can exhaust storage | next.js | CWE-400 | 6.5 | - | 2026-03-18 |
| CVE-2026-27979 | Next.js: Unbounded postponed resume buffering can lead to DoS | next.js | CWE-770 | 5.4 | - | 2026-03-18 |
| CVE-2026-27978 | Next.js: null origin can bypass Server Actions CSRF checks | next.js | CWE-352 | 8.8 | - | 2026-03-17 |
| CVE-2026-27977 | Next.js: null origin can bypass dev HMR websocket CSRF checks | next.js | CWE-1385 | 7.1 | - | 2026-03-17 |
| CVE-2025-59471 | Next.js security vulnerability | next | - | 5.9 | Medium | 2026-01-26 |
| CVE-2025-59472 | Next.js security vulnerability | next | - | 5.9 | Medium | 2026-01-26 |
| CVE-2025-48985 | AI SDK security vulnerability | AI SDK | - | 3.7 | Low | 2025-11-07 |
| CVE-2025-52662 | Nuxt DevTools security vulnerability | Nuxt Devtools | - | 6.9 | Medium | 2025-11-07 |
| CVE-2025-57752 | Next.js Affected by Cache Key Confusion for Image Optimization API Routes | next.js | CWE-524 | 6.2 | Medium | 2025-08-29 |
| CVE-2025-55173 | Next.js Content Injection Vulnerability for Image Optimization | next.js | CWE-20 | 4.3 | Medium | 2025-08-29 |
| CVE-2025-57822 | Next.js Improper Middleware Redirect Handling Leads to SSRF | next.js | CWE-918 | 6.5 | Medium | 2025-08-29 |
| CVE-2025-7074 | vercel hyper rimraf-standalone.js ignoreMap redos | hyper | CWE-1333 | 4.3 | Medium | 2025-07-05 |
| CVE-2025-49826 | Next.js DoS vulnerability via cache poisoning | next.js | CWE-444 | 7.5 | High | 2025-07-03 |
| CVE-2025-49005 | Next.js cache poisoning due to omission of Vary header | next.js | CWE-444 | 3.7 | Low | 2025-07-03 |
| CVE-2025-48068 | Information exposure in Next.js dev server due to lack of origin verification | next.js | CWE-1385 | 2.5 (AI) | Low (AI) | 2025-05-30 |
| CVE-2025-32421 | Next.js Race Condition to Cache Poisoning | next.js | CWE-362 | 3.7 | Low | 2025-05-14 |
| CVE-2025-46332 | Information Disclosure via Flags override link | flags | CWE-200 | 6.5 | Medium | 2025-05-02 |
| CVE-2025-30218 | Next.js may leak x-middleware-subrequest-id to external hosts | next.js | CWE-200 | 7.5 (AI) | High (AI) | 2025-04-02 |
| CVE-2025-29927 | Authorization Bypass in Next.js Middleware | next.js | CWE-285 | 9.1 | Critical | 2025-03-21 |
| CVE-2024-56332 | Next.js Vulnerable to Denial of Service (DoS) with Server Actions | next.js | CWE-770 | 5.3 | Medium | 2025-01-03 |
| CVE-2024-51479 | Authorization bypass in Next.js | next.js | CWE-285 | 7.5 | High | 2024-12-17 |
| CVE-2024-47831 | Next.js image optimization has Denial of Service condition | next.js | CWE-674 | 5.9 | Medium | 2024-10-14 |
| CVE-2024-46982 | Cache Poisoning in next.js | next.js | CWE-639 | 7.5 | High | 2024-09-17 |
| CVE-2024-39693 | Next.js Denial of Service (DoS) condition | next.js | CWE-400 | 7.5 | High | 2024-07-10 |
| CVE-2024-34351 | Next.js Server-Side Request Forgery in Server Actions | next.js | CWE-918 | 7.5 | High | 2024-05-09 |
| CVE-2024-34350 | Next.js Vulnerable to HTTP Request Smuggling | next.js | CWE-444 | 7.5 | High | 2024-05-09 |
| CVE-2024-24828 | Local Privilege Escalation in executables bundled by pkg | pkg | CWE-276 | 6.6 | Medium | 2024-02-09 |
| CVE-2017-20162 | vercel ms index.js parse redos | ms | CWE-1333 | 4.3 | Medium | 2023-01-05 |
| CVE-2022-36046 | Unexpected server crash in Next.js version 12.2.3 | next.js | CWE-248 | 5.3 | Medium | 2022-08-31 |

This page lists every published CVE security advisory associated with Vercel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.