next vulnerabilities

Known vulnerabilities in the next package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Server-side Request Forgery (SSRF)	<14.2.32>=15.0.0 <15.4.2-canary.43>=15.4.3 <15.4.7
M Use of Cache Containing Sensitive Information	<14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5
L Missing Source Correlation of Multiple Independent Data	<14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5
H HTTP Request Smuggling	>=15.0.4-canary.51 <15.1.8
M Interpretation Conflict	>=15.3.0 <15.3.3
L Missing Origin Validation in WebSockets	>=13.0.0 <14.2.30>=15.0.0-rc.0 <15.2.2
M Race Condition	<14.2.24>=15.0.0 <15.1.6
M Information Exposure	>=12.3.5 <12.3.6>=13.5.9 <13.5.10>=14.2.25 <14.2.26>=15.2.3 <15.2.4
C Improper Authorization	>=11.1.4 <12.3.5>=13.0.0 <13.5.9>=14.0.0 <14.2.25>=15.0.0-rc.0 <15.2.3>=15.3.0-canary.0 <15.3.0-canary.12
M Allocation of Resources Without Limits or Throttling	>=13.0.0 <13.5.8>=14.0.0 <14.2.21>=15.0.0 <15.1.2
H Missing Authorization	>=9.5.5 <13.5.8>=14.0.0 <14.2.15>=15.0.0-canary.0 <15.0.0-canary.177
H Uncontrolled Recursion	>=10.0.0 <14.2.7>=15.0.0-canary.0 <15.0.0-canary.109
H Acceptance of Extraneous Untrusted Data With Trusted Data	>=13.5.1 <13.5.7>=14.0.0 <14.2.10
H Denial of Service (DoS)	>=13.4.0 <13.5.0
H Server-Side Request Forgery (SSRF)	>=13.4.0 <14.1.1
H HTTP Request Smuggling	>=13.4.0 <13.5.1
M Resource Exhaustion	<13.4.20-canary.13
H Remote Code Execution (RCE)	>=0.9.9 <5.0.1-canary.5
M Uncaught Exception	>=12.2.3 <12.2.4
M User Interface (UI) Misrepresentation of Critical Information	>=10.0.0 <12.1.0
M Denial of Service (DoS)	>=12.0.0 <12.0.9
H Denial of Service (DoS)	>=12.0.0 <12.0.5>=11.1.0 <11.1.3
M Cross-site Scripting (XSS)	>=10.0.0 <11.1.1
M Open Redirect	<11.1.0
M Open Redirect	>=9.5.0 <9.5.4
H Arbitrary File Read	<5.1.0
M Path Traversal	<9.3.2
M Cross-site Scripting (XSS)	>=7.0.0 <7.0.2
H Directory Traversal	<4.2.3
H Directory Traversal	<2.4.1
M Cross-site Scripting (XSS)	<2.4.3
H Directory Traversal	<2.4.1>=3.0.0-beta1 <3.0.0-beta7

Vulnerability

Vulnerable Version

Server-side Request Forgery (SSRF)

<14.2.32>=15.0.0 <15.4.2-canary.43>=15.4.3 <15.4.7

Use of Cache Containing Sensitive Information

<14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5

Missing Source Correlation of Multiple Independent Data

<14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5

HTTP Request Smuggling

>=15.0.4-canary.51 <15.1.8

Interpretation Conflict

>=15.3.0 <15.3.3

Missing Origin Validation in WebSockets

>=13.0.0 <14.2.30>=15.0.0-rc.0 <15.2.2

Race Condition

<14.2.24>=15.0.0 <15.1.6

Information Exposure

>=12.3.5 <12.3.6>=13.5.9 <13.5.10>=14.2.25 <14.2.26>=15.2.3 <15.2.4

Improper Authorization

>=11.1.4 <12.3.5>=13.0.0 <13.5.9>=14.0.0 <14.2.25>=15.0.0-rc.0 <15.2.3>=15.3.0-canary.0 <15.3.0-canary.12

Allocation of Resources Without Limits or Throttling

>=13.0.0 <13.5.8>=14.0.0 <14.2.21>=15.0.0 <15.1.2

Missing Authorization

>=9.5.5 <13.5.8>=14.0.0 <14.2.15>=15.0.0-canary.0 <15.0.0-canary.177

Uncontrolled Recursion

>=10.0.0 <14.2.7>=15.0.0-canary.0 <15.0.0-canary.109

Acceptance of Extraneous Untrusted Data With Trusted Data

>=13.5.1 <13.5.7>=14.0.0 <14.2.10

Denial of Service (DoS)

>=13.4.0 <13.5.0

Server-Side Request Forgery (SSRF)

>=13.4.0 <14.1.1

HTTP Request Smuggling

>=13.4.0 <13.5.1

Resource Exhaustion

<13.4.20-canary.13

Remote Code Execution (RCE)

>=0.9.9 <5.0.1-canary.5

Uncaught Exception

>=12.2.3 <12.2.4

User Interface (UI) Misrepresentation of Critical Information

>=10.0.0 <12.1.0

Denial of Service (DoS)

>=12.0.0 <12.0.9

Denial of Service (DoS)

>=12.0.0 <12.0.5>=11.1.0 <11.1.3

Cross-site Scripting (XSS)

>=10.0.0 <11.1.1

<11.1.0

>=9.5.0 <9.5.4

<5.1.0

<9.3.2

Cross-site Scripting (XSS)

>=7.0.0 <7.0.2

Directory Traversal

<4.2.3

Directory Traversal

<2.4.1

Cross-site Scripting (XSS)

<2.4.3

Directory Traversal

<2.4.1>=3.0.0-beta1 <3.0.0-beta7

Package versions

3362 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
15.6.0-canary.19	19 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.18	19 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.17	19 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.16	18 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.15	18 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.14	18 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.13	18 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.12	17 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.11	17 Sep, 2025	0 C 0 H 0 M 0 L
15.6.0-canary.10	16 Sep, 2025	0 C 0 H 0 M 0 L

next vulnerabilities

The React Framework

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?

Package versions