next vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-9QR9-H5GF-34MPCriticalnext: Next.js is vulnerable to RCE in React flight protocolCVE-2025-57752Mediumnext: Next.js Affected by Cache Key Confusion for Image Optimization API RoutesCVE-2025-55173Mediumnext: Next.js Content Injection Vulnerability for Image OptimizationCVE-2025-57822Mediumnext: Next.js Improper Middleware Redirect Handling Leads to SSRFCVE-2025-49826Highnext: Next.JS vulnerability can lead to DoS via cache poisoning CVE-2025-49005Lownext: Next.js has a Cache poisoning vulnerability due to omission of the Vary headerCVE-2025-48068Lownext: Information exposure in Next.js dev server due to lack of origin verificationCVE-2025-32421Lownext: Next.js Race Condition to Cache PoisoningCVE-2025-30218Lownext: Next.js may leak x-middleware-subrequest-id to external hostsCVE-2025-29927Criticalnext: Authorization Bypass in Next.js MiddlewareCVE-2024-56332Mediumnext: Next.js Allows a Denial of Service (DoS) with Server ActionsCVE-2024-51479Highnext: Next.js authorization bypass vulnerabilityCVE-2024-47831Mediumnext: Denial of Service condition in Next.js image optimizationCVE-2024-46982Highnext: Next.js Cache PoisoningCVE-2024-39693Highnext: Next.js Denial of Service (DoS) conditionCVE-2024-34351Highnext: Next.js Server-Side Request Forgery in Server ActionsCVE-2024-34350Highnext: Next.js Vulnerable to HTTP Request SmugglingCVE-2023-46298Lownext: Next.js missing cache-control header may lead to CDN caching empty replyCVE-2022-36046Mediumnext: Unexpected server crash in Next.jsCVE-2022-23646Mediumnext: Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0CVE-2022-21721Mediumnext: Denial of Service Vulnerability in next.jsCVE-2021-43803Highnext: Unexpected server crash in Next.js.CVE-2021-39178Highnext: XSS in Image Optimization API for Next.jsCVE-2021-37699Mediumnext: Open Redirect in Next.jsCVE-2020-15242Mediumnext: Open Redirect in Next.js versions

Stop the waste.
Protect your environment with Kodem.