>= 13.0.0, < 13.5.9
HIGH 8.6 CVE-2026-44578 Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades
>= 13.4.13, < 15.5.16
HIGH 8.1 Next.js has a Middleware / Proxy bypass through dynamic route parameter injection
>= 15.4.0, < 15.5.16
HIGH 7.5 Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
>= 15.2.0, < 15.5.18
HIGH 7.5 Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
>= 15.0.0, < 15.5.16
HIGH 7.5 Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
>= 15.2.0, < 15.5.16
HIGH 7.5 Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
>= 12.2.0, < 15.5.16
HIGH 7.5 Next.JS vulnerability can lead to DoS via cache poisoning
>= 15.0.4-canary.51, < 15.1.8
HIGH 7.5 Next.js authorization bypass vulnerability
>= 9.5.5, < 14.2.15
HIGH 7.5 Next.js Cache Poisoning
>= 13.5.1, < 13.5.7
HIGH 7.5 Next.js Denial of Service (DoS) condition
>= 13.3.1, < 13.5.0
HIGH 7.5 Next.js Server-Side Request Forgery in Server Actions
>= 13.4.0, < 14.1.1
HIGH 7.5 Next.js Vulnerable to HTTP Request Smuggling
>= 13.4.0, < 13.5.1
HIGH 7.5 Unexpected server crash in Next.js.
>= 12.0.0, < 12.0.5
HIGH 7.5 XSS in Image Optimization API for Next.js
>= 10.0.0, < 11.1.1
HIGH 7.5 Directory traversal vulnerability in Next.js
>= 1.0.0, < 4.2.3
HIGH 7.5 Next.js Directory Traversal Vulnerability
>= 1.0.0, < 2.4.1
MEDIUM 6.9 Open Redirect in Next.js
>= 0.9.9, < 11.1.0
MEDIUM 6.5 Next.js Improper Middleware Redirect Handling Leads to SSRF
>= 0.9.9, < 14.2.32
MEDIUM 6.2 Next.js Affected by Cache Key Confusion for Image Optimization API Routes
>= 0.9.9, < 14.2.31
MEDIUM 6.1 Next.js has cross-site scripting in beforeInteractive scripts with untrusted input
>= 13.0.0, < 15.5.16
MEDIUM 6.1 Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
>= 7.0.0, < 7.0.2
MEDIUM 5.9 Next.js has a Denial of Service in the Image Optimization API
>= 10.0.0, < 15.5.16
MEDIUM 5.9 Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
>= 16.0.0-beta.0, < 16.1.5
MEDIUM 5.9 Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
>= 10.0.0, < 15.5.10
MEDIUM 5.9 Denial of Service condition in Next.js image optimization
>= 10.0.0, < 14.2.7
MEDIUM 5.9 Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
>= 10.0.0, < 12.1.0
MEDIUM 5.9 Denial of Service Vulnerability in next.js
>= 12.0.0, < 12.0.9
MEDIUM 5.4 Next.js vulnerable to cache poisoning in React Server Component responses
>= 14.2.0, < 15.5.16
MEDIUM 5.3 Next.js Allows a Denial of Service (DoS) with Server Actions
>= 13.0.0, < 13.5.8
MEDIUM 5.3 Unexpected server crash in Next.js
>= 12.2.3, < 12.2.4
MEDIUM 4.7 Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces
>= 13.4.0, < 15.5.16
MEDIUM 4.7 Open Redirect in Next.js versions
>= 9.5.0, < 9.5.4
MEDIUM 4.4 Directory Traversal in Next.js
>= 0.9.9, < 9.3.2
MEDIUM 4.3 Next.js Content Injection Vulnerability for Image Optimization
>= 0.9.9, < 14.2.31
LOW 3.7 Next.js's Middleware / Proxy redirects can be cache-poisoned
>= 12.2.0, < 15.5.16
LOW 3.7 Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
>= 13.4.6, < 15.5.16
LOW 3.7 Next.js has a Cache poisoning vulnerability due to omission of the Vary header
>= 15.3.0, < 15.3.3
LOW 3.7 Next.js Race Condition to Cache Poisoning
>= 0.9.9, < 14.2.24
— Next.js: HTTP request smuggling in rewrites
>= 16.0.0-beta.0, < 16.1.7
— Next.js: Unbounded next/image disk cache growth can exhaust storage
>= 16.0.0-beta.0, < 16.1.7
— Next.js: Unbounded postponed resume buffering can lead to DoS
>= 16.0.1, < 16.1.7
— Next.js: null origin can bypass Server Actions CSRF checks
>= 16.0.1, < 16.1.7
— Next.js: null origin can bypass dev HMR websocket CSRF checks
>= 16.0.1, < 16.1.7
— Information exposure in Next.js dev server due to lack of origin verification
>= 15.0.0, < 15.2.2
— Next.js may leak x-middleware-subrequest-id to external hosts
>= 12.3.5, < 12.3.6
— Next.js missing cache-control header may lead to CDN caching empty reply
>= 0.9.9, < 13.4.20-canary.13