VYPR

Vendor CVEs

Vercel

All CVEs

69 total · sorted by risk
  • CVE-2026-45772CriMay 15, 2026
    risk 0.57cvss 9.8epss 0.00

    Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted repositories that contain malicious Yarn configuration. In affected versions, package…

  • CVE-2026-46508HigMay 15, 2026
    risk 0.51cvss 7.8epss 0.00

    Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo…

  • CVE-2026-26156HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

  • CVE-2026-44578HigMay 13, 2026
    risk 0.49cvss 8.6epss 0.39

    Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker…

  • CVE-2015-8315HigJan 23, 2017
    risk 0.49cvss 7.5epss 0.07

    The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

  • CVE-2026-8768HigMay 17, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be…

  • CVE-2026-44574HigMay 13, 2026
    risk 0.46cvss 8.1epss 0.00

    Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters…

  • CVE-2026-45109HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6.

  • CVE-2026-44579HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In…

  • CVE-2026-44575HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.01

    Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used…

  • CVE-2026-44573HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.00

    Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through…

  • CVE-2026-44479MedMay 13, 2026
    risk 0.36cvss 5.5epss 0.00

    Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested…

  • CVE-2026-45773MedMay 15, 2026
    risk 0.35cvss 6.5epss 0.00

    Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web…

  • CVE-2025-46332MedMay 2, 2025
    risk 0.35cvss 6.5epss 0.00

    Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerability to list all flags…

  • CVE-2025-23027MedJan 13, 2025
    risk 0.34cvss epss 0.00

    next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.

  • CVE-2026-8767MedMay 17, 2026
    risk 0.33cvss 5.0epss 0.04

    A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The…

  • CVE-2026-44580MedMay 13, 2026
    risk 0.33cvss 6.1epss 0.00

    Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script…

  • CVE-2026-44577MedMay 13, 2026
    risk 0.31cvss 5.9epss 0.01

    Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit.…

  • CVE-2026-8769MedMay 17, 2026
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource…

  • CVE-2026-44576MedMay 13, 2026
    risk 0.28cvss 5.4epss 0.00

    Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected…

  • CVE-2025-7074MedJul 5, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to…

  • CVE-2026-44581MedMay 13, 2026
    risk 0.24cvss 4.7epss 0.00

    Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed…

  • CVE-2026-44582LowMay 13, 2026
    risk 0.17cvss 3.7epss 0.00

    Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected…

  • CVE-2026-44572LowMay 13, 2026
    risk 0.17cvss 3.7epss 0.00

    Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the…

  • CVE-2024-38080KEVJul 9, 2024
    risk 0.13cvss epss 0.07

    Windows Hyper-V Elevation of Privilege Vulnerability

  • CVE-2025-21334KEVJan 14, 2025
    risk 0.12cvss epss 0.02

    Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

  • CVE-2025-29927Mar 21, 2025
    risk 0.04cvss epss 1.00

    Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in…

  • CVE-2026-21248Feb 10, 2026
    risk 0.03cvss epss 0.01

    Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

  • CVE-2024-43567Oct 8, 2024
    risk 0.01cvss epss 0.02

    Windows Hyper-V Denial of Service Vulnerability

  • CVE-2024-38127Aug 13, 2024
    risk 0.01cvss epss 0.02

    Windows Hyper-V Elevation of Privilege Vulnerability

  • CVE-2026-29057Mar 18, 2026
    risk 0.00cvss epss 0.00

    Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could…

  • CVE-2026-27980Mar 18, 2026
    risk 0.00cvss epss 0.01

    Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker…

  • CVE-2026-27979Mar 18, 2026
    risk 0.00cvss epss 0.00

    Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing…

  • CVE-2026-27978Mar 17, 2026
    risk 0.00cvss epss 0.00

    Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, `origin: null` was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts (such as sandboxed…

  • CVE-2026-27977Mar 17, 2026
    risk 0.00cvss epss 0.00

    Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if `allowedDevOrigins` is…

  • CVE-2025-59472Jan 26, 2026
    risk 0.00cvss epss 0.00

    A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state…

  • CVE-2025-59471Jan 26, 2026
    risk 0.00cvss epss 0.00

    A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit,…

  • CVE-2025-62567Dec 9, 2025
    risk 0.00cvss epss 0.01

    Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.

  • CVE-2025-48985Nov 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details:…

  • CVE-2025-52662Nov 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtoo…

  • CVE-2025-57203Sep 22, 2025
    risk 0.00cvss epss 0.00

    MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream…

  • CVE-2025-54115Sep 9, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

  • CVE-2025-54091Sep 9, 2025
    risk 0.00cvss epss 0.00

    Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

  • CVE-2025-57752Aug 29, 2025
    risk 0.00cvss epss 0.00

    Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such…

  • CVE-2025-55173Aug 29, 2025
    risk 0.00cvss epss 0.01

    Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file…

  • CVE-2025-57822Aug 29, 2025
    risk 0.00cvss epss 0.02

    Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers.…

  • CVE-2025-48807Aug 12, 2025
    risk 0.00cvss epss 0.00

    Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.

  • CVE-2025-53723Aug 12, 2025
    risk 0.00cvss epss 0.00

    Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

  • CVE-2025-49826Jul 3, 2025
    risk 0.00cvss epss 0.01

    Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain…

  • CVE-2025-49005Jul 3, 2025
    risk 0.00cvss epss 0.00

    Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server…

Page 1 of 2