Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
next.js vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2022-29214
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this iss...
Nextauth.js Next-auth
5.8
CVSSv2
CVE-2021-43812
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions prior to 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to up...
Auth0 Nextjs-auth0
5.8
CVSSv2
CVE-2021-37699
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect do...
Vercel Next.js
5.8
CVSSv2
CVE-2020-15242
Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow f...
Vercel Next.js
5
CVSSv2
CVE-2022-31093
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instanti...
Nextauth.js Next-auth
5
CVSSv2
CVE-2020-5284
Next.js versions prior to 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets...
Zeit Next.js
5
CVSSv2
CVE-2018-6184
ZEIT Next.js 4 prior to 4.2.3 has Directory Traversal under the /_next request namespace.
Zeit Next.js 4.2.2
Zeit Next.js 4.2.1
Zeit Next.js 4.2.0
Zeit Next.js 4.1.4
Zeit Next.js 4.1.3
Zeit Next.js 4.1.2
Zeit Next.js 4.1.1
Zeit Next.js 4.1.0
Zeit Next.js 4.0.5
Zeit Next.js 4.0.4
Zeit Next.js 4.0.3
Zeit Next.js 4.0.2
Zeit Next.js 4.0.1
Zeit Next.js 4.0.0
1 Github repository
5
CVSSv2
CVE-2017-16877
ZEIT Next.js prior to 2.4.1 has directory traversal under the /_next and /static request namespace, allowing malicious users to obtain sensitive information.
Zeit Next.js
4.3
CVSSv2
CVE-2022-31127
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tricki...
Nextauth.js Next-auth
4.3
CVSSv2
CVE-2022-23646
Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the ...
Vercel Next.js
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »