Skip to main content

Next Js

16 CVEs product

Monthly

CVE-2024-51479 npm HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2024-47831 npm HIGH PATCH This Week

Next.js is a React Framework for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-46982 npm HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
58.8%
CVE-2024-39693 npm HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-34351 npm HIGH POC PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
5.5%
CVE-2024-34350 npm HIGH PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-46298 npm HIGH POC PATCH This Week

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-36046 LIB MEDIUM PATCH This Month

Next.js is a React framework that can provide building blocks to create web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Node.js Next Js
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-23646 npm HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-43803 npm HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
44.8%
CVE-2021-39178 npm MEDIUM PATCH This Month

Next.js is a React framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Next Js
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-37699 npm MEDIUM PATCH This Month

Next.js is an open source website development framework to be used with the React library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Next Js
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-15242 npm MEDIUM PATCH This Month

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Next Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5284 npm MEDIUM POC PATCH THREAT This Month

Next.js versions before 9.3.2 have a directory traversal vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Next Js
NVD GitHub
CVSS 3.1
4.3
EPSS
43.4%
CVE-2018-18282 npm MEDIUM PATCH This Month

Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Next Js
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-6184 npm HIGH POC PATCH This Week

ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Next Js
NVD GitHub
CVSS 3.0
7.5
EPSS
9.1%
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Next Js
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Next.js is a React Framework for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Next Js
NVD GitHub
EPSS 59% CVSS 7.5
HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Js
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Next Js
NVD GitHub
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next Js
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Next Js
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Next Js
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Next.js is a React framework that can provide building blocks to create web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Node.js Next Js
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Next Js
NVD GitHub
EPSS 45% CVSS 7.5
HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Next Js
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Next.js is a React framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Next Js
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Next.js is an open source website development framework to be used with the React library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Next Js
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Next Js
NVD GitHub
EPSS 43% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

Next.js versions before 9.3.2 have a directory traversal vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Next Js
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Next Js
NVD GitHub
EPSS 9% CVSS 7.5
HIGH POC PATCH This Week

ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Next Js
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy