VYPR

Vendor CVEs

Vercel

All CVEs

69 total · sorted by risk
  • CVE-2025-48068May 30, 2025
    risk 0.00cvss epss 0.00

    Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The…

  • CVE-2025-32421May 14, 2025
    risk 0.00cvss epss 0.01

    Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead…

  • CVE-2025-27491Apr 8, 2025
    risk 0.00cvss epss 0.01

    Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.

  • CVE-2025-30218Apr 2, 2025
    risk 0.00cvss epss 0.00

    Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is…

  • CVE-2024-56332Jan 3, 2025
    risk 0.00cvss epss 0.01

    Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to…

  • CVE-2024-51479Dec 17, 2024
    risk 0.00cvss epss 0.04

    Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root…

  • CVE-2024-47831Oct 14, 2024
    risk 0.00cvss epss 0.01

    Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU…

  • CVE-2024-30092Oct 8, 2024
    risk 0.00cvss epss 0.01

    Windows Hyper-V Remote Code Execution Vulnerability

  • CVE-2024-46982Sep 17, 2024
    risk 0.00cvss epss 0.61

    Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent…

  • CVE-2024-39693Jul 10, 2024
    risk 0.00cvss epss 0.00

    Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later.

  • CVE-2024-34351May 9, 2024
    risk 0.00cvss epss 0.05

    Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able…

  • CVE-2024-34350May 9, 2024
    risk 0.00cvss epss 0.01

    Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to…

  • CVE-2024-24828Feb 9, 2024
    risk 0.00cvss epss 0.00

    pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to…

  • CVE-2022-36046Aug 31, 2022
    risk 0.00cvss epss 0.01

    Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start…

  • CVE-2022-23646Feb 17, 2022
    risk 0.00cvss epss 0.02

    Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the…

  • CVE-2021-43803Dec 9, 2021
    risk 0.00cvss epss 0.45

    Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next…

  • CVE-2021-39178Aug 30, 2021
    risk 0.00cvss epss 0.01

    Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned…

  • CVE-2021-37699Aug 11, 2021
    risk 0.00cvss epss 0.01

    Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect…

  • CVE-2020-15242Oct 8, 2020
    risk 0.00cvss epss 0.01

    Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for…

Page 2 of 2