Vulmon
next.js vulnerabilities and exploits
VMScore: 445
CVE-2018-6184
ZEIT Next.js 4 prior to 4.2.3 has Directory Traversal under the /_next request namespace.
Zeit Next.js 4.2.2
Zeit Next.js 4.2.0
Zeit Next.js 4.1.3
Zeit Next.js 4.1.1
Zeit Next.js 4.0.0
Zeit Next.js 4.0.5
Zeit Next.js 4.0.4
Zeit Next.js 4.0.3
Zeit Next.js 4.0.2
Zeit Next.js 4.0.1
Zeit Next.js 4.1.4
Zeit Next.js 4.2.1
Zeit Next.js 4.1.2
Zeit Next.js 4.1.0
1 Github repository
NA
CVE-2023-46298
Next.js prior to 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
Vercel Next.js
Vercel Next.js 13.4.20
2 Github repositories
VMScore: 383
CVE-2018-18282
Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.
Zeit Next.js 7.0.1
Zeit Next.js 7.0.0
VMScore: 383
CVE-2021-43803
Next.js is a React framework. In versions of Next.js before 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next star...
Vercel Next.js
VMScore: 516
CVE-2021-37699
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect do...
Vercel Next.js
VMScore: 384
CVE-2022-21721
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom serv...
Vercel Next.js
VMScore: 516
CVE-2020-15242
Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow f...
Vercel Next.js
VMScore: 383
CVE-2021-39178
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned ...
Vercel Next.js
VMScore: 384
CVE-2022-23646
Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the ...
Vercel Next.js
VMScore: 447
CVE-2020-5284
Next.js versions prior to 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets...
Zeit Next.js