Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
next.js vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2022-29214
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this iss...
Nextauth.js Next-auth
516
VMScore
CVE-2021-43812
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions prior to 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to up...
Auth0 Nextjs-auth0
516
VMScore
CVE-2021-37699
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect do...
Vercel Next.js
516
VMScore
CVE-2020-15242
Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow f...
Vercel Next.js
447
VMScore
CVE-2020-5284
Next.js versions prior to 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets...
Zeit Next.js
446
VMScore
CVE-2017-16877
ZEIT Next.js prior to 2.4.1 has directory traversal under the /_next and /static request namespace, allowing malicious users to obtain sensitive information.
Zeit Next.js
445
VMScore
CVE-2022-31093
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instanti...
Nextauth.js Next-auth
445
VMScore
CVE-2018-6184
ZEIT Next.js 4 prior to 4.2.3 has Directory Traversal under the /_next request namespace.
Zeit Next.js 4.2.2
Zeit Next.js 4.2.1
Zeit Next.js 4.2.0
Zeit Next.js 4.1.4
Zeit Next.js 4.1.3
Zeit Next.js 4.1.2
Zeit Next.js 4.1.1
Zeit Next.js 4.1.0
Zeit Next.js 4.0.5
Zeit Next.js 4.0.4
Zeit Next.js 4.0.3
Zeit Next.js 4.0.2
Zeit Next.js 4.0.1
Zeit Next.js 4.0.0
1 Github repository
384
VMScore
CVE-2022-23646
Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the ...
Vercel Next.js
384
VMScore
CVE-2022-21721
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom serv...
Vercel Next.js
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »