next vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Browse by ecosystem

npm, PyPI, Maven, Go, RubyGems, Cargo, NuGet, Composer, pub, Swift, GitHub Actions
| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-45109 | High | next: Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes -… |
| CVE-2026-44572 | Low | next: Next.js's Middleware / Proxy redirects can be cache-poisoned |
| CVE-2026-44581 | Medium | next: Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces |
| CVE-2026-44582 | Low | next: Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting |
| CVE-2026-44580 | Medium | next: Next.js has cross-site scripting in beforeInteractive scripts with untrusted input |
| CVE-2026-44579 | High | next: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache… |
| CVE-2026-44577 | Medium | next: Next.js has a Denial of Service in the Image Optimization API |
| CVE-2026-44578 | High | next: Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades |
| CVE-2026-44576 | Medium | next: Next.js vulnerable to cache poisoning in React Server Component responses |
| CVE-2026-44575 | High | next: Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes |
| CVE-2026-44574 | High | next: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection |
| CVE-2026-44573 | High | next: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n |
| GHSA-8H8Q-6873-Q5FJ | High | next: Next.js Vulnerable to Denial of Service with Server Components |
| GHSA-Q4GF-8MX6-V5V3 | High | next: Next.js has a Denial of Service with Server Components |
| CVE-2026-29057 | Medium | next: Next.js: HTTP request smuggling in rewrites |
| CVE-2026-27980 | Medium | next: Next.js: Unbounded next/image disk cache growth can exhaust storage |
| CVE-2026-27979 | Medium | next: Next.js: Unbounded postponed resume buffering can lead to DoS |
| CVE-2026-27978 | Medium | next: Next.js: null origin can bypass Server Actions CSRF checks |
| CVE-2026-27977 | Low | next: Next.js: null origin can bypass dev HMR websocket CSRF checks |
| GHSA-H25M-26QC-WCJF | High | next: Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components |
| CVE-2025-59472 | Medium | next: Next.js has Unbounded Memory Consumption via PPR Resume Endpoint |
| CVE-2025-59471 | Medium | next: Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration |
| GHSA-5J59-XGG2-R9C4 | High | next: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up |
| GHSA-W37M-7FHW-FMV9 | Medium | next: Next Server Actions Source Code Exposure |
| GHSA-MWV6-3258-Q52C | High | next: Next Vulnerable to Denial of Service with Server Components |
