Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
next.js vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-35924
NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of email...
Nextauth.js Next-auth
8.8
CVSSv3
CVE-2023-27490
NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network ...
Nextauth.js Next-auth
8.1
CVSSv3
CVE-2022-39263
`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis ...
Nextauth.js Next-auth
7.5
CVSSv3
CVE-2023-46298
Next.js prior to 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
Vercel Next.js
Vercel Next.js 13.4.20
2 Github repositories
7.5
CVSSv3
CVE-2022-31093
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instanti...
Nextauth.js Next-auth
7.5
CVSSv3
CVE-2022-23646
Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the ...
Vercel Next.js
7.5
CVSSv3
CVE-2022-21721
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom serv...
Vercel Next.js
7.5
CVSSv3
CVE-2021-43803
Next.js is a React framework. In versions of Next.js before 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next star...
Vercel Next.js
7.5
CVSSv3
CVE-2018-6184
ZEIT Next.js 4 prior to 4.2.3 has Directory Traversal under the /_next request namespace.
Zeit Next.js 4.2.2
Zeit Next.js 4.2.1
Zeit Next.js 4.2.0
Zeit Next.js 4.1.4
Zeit Next.js 4.1.3
Zeit Next.js 4.1.2
Zeit Next.js 4.1.1
Zeit Next.js 4.1.0
Zeit Next.js 4.0.5
Zeit Next.js 4.0.4
Zeit Next.js 4.0.3
Zeit Next.js 4.0.2
Zeit Next.js 4.0.1
Zeit Next.js 4.0.0
1 Github repository
7.5
CVSSv3
CVE-2017-16877
ZEIT Next.js prior to 2.4.1 has directory traversal under the /_next and /static request namespace, allowing malicious users to obtain sensitive information.
Zeit Next.js
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »