next.js vulnerabilities and exploits
7.5
CVSSv3
CVE-2018-6184
ZEIT Next.js 4 prior to 4.2.3 has Directory Traversal under the /_next request namespace.
Zeit Next.js 4.2.2
Zeit Next.js 4.2.0
Zeit Next.js 4.1.3
Zeit Next.js 4.1.1
Zeit Next.js 4.0.0
Zeit Next.js 4.0.5
Zeit Next.js 4.0.4
Zeit Next.js 4.0.3
Zeit Next.js 4.0.2
Zeit Next.js 4.0.1
Zeit Next.js 4.1.4
Zeit Next.js 4.2.1
Zeit Next.js 4.1.2
Zeit Next.js 4.1.0
1 Github repository
7.5
CVSSv3
CVE-2023-46298
Next.js prior to 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
Vercel Next.js
Vercel Next.js 13.4.20
1 Github repository
6.1
CVSSv3
CVE-2018-18282
Next.js 7.0.0 and 7.0.1 have XSS via the 404 or 500 /_error page.
Zeit Next.js 7.0.1
Zeit Next.js 7.0.0
6.1
CVSSv3
CVE-2020-15242
Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow f...
Vercel Next.js
7.5
CVSSv3
CVE-2022-21721
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom serv...
Vercel Next.js
7.5
CVSSv3
CVE-2022-23646
Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the ...
Vercel Next.js
6.1
CVSSv3
CVE-2021-37699
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect do...
Vercel Next.js
7.5
CVSSv3
CVE-2021-43803
Next.js is a React framework. In versions of Next.js before 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next star...
Vercel Next.js
7.5
CVSSv3
CVE-2017-16877
ZEIT Next.js prior to 2.4.1 has directory traversal under the /_next and /static request namespace, allowing malicious users to obtain sensitive information.
Zeit Next.js
6.1
CVSSv3
CVE-2021-39178
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned ...
Vercel Next.js