Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
MAL-2026-3749
  • npm/@webapp-next/store
 Malicious code in @webapp-next/store (npm) 3 days ago
  • No fix available
GHSA-26hh-7cqf-hhc6
  • npm/next
 Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up 6 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-3g8h-86w9-wvmq
  • npm/next
 Next.js's Middleware / Proxy redirects can be cache-poisoned 6 days ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-ffhc-5mcf-pf4q
  • npm/next
 Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces 6 days ago
  • Fix available
  • Severity - 4.7 (Medium)
GHSA-vfv6-92ff-j949
  • npm/next
 Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting 6 days ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-gx5p-jg67-6x7h
  • npm/next
 Next.js has cross-site scripting in beforeInteractive scripts with untrusted input 6 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-mg66-mrh9-m8jx
  • npm/next
 Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components 6 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-h64f-5h5j-jqjh
  • npm/next
 Next.js has a Denial of Service in the Image Optimization API 6 days ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-c4j6-fc7j-m34r
  • npm/next
 Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades 6 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-wfc6-r584-vfw7
  • npm/next
 Next.js vulnerable to cache poisoning in React Server Component responses 6 days ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-267c-6grr-h53f
  • npm/next
 Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes 6 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-492v-c6pp-mqqv
  • npm/next
 Next.js has a Middleware / Proxy bypass through dynamic route parameter injection 6 days ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-36qx-fr4f-26g5
  • npm/next
 Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n 6 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-8h8q-6873-q5fj
  • npm/next
 Next.js Vulnerable to Denial of Service with Server Components 11 May
  • Fix available
  • Severity - 7.5 (High)
GHSA-2xx6-qf7x-grqh
  • npm/@jswork/next-npm-version
 next-npm-version is vulnerable to Command injection 07 May
  • No fix available
  • Severity - 9.8 (Critical)
GHSA-4c35-wcg5-mm9h
  • npm/next-intl
 next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys 06 May
  • Fix available
  • Severity - 4.2 (Medium)
Load more...