next vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the next package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Server-side Request Forgery (SSRF)	<14.2.32>=15.0.0 <15.4.2-canary.43>=15.4.3 <15.4.7
M Use of Cache Containing Sensitive Information	<14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5
L Missing Source Correlation of Multiple Independent Data	<14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5
H HTTP Request Smuggling	>=15.0.4-canary.51 <15.1.8
M Interpretation Conflict	>=15.3.0 <15.3.3
L Missing Origin Validation in WebSockets	>=13.0.0 <14.2.30>=15.0.0-rc.0 <15.2.2
M Race Condition	<14.2.24>=15.0.0 <15.1.6
M Information Exposure	>=12.3.5 <12.3.6>=13.5.9 <13.5.10>=14.2.25 <14.2.26>=15.2.3 <15.2.4
C Improper Authorization	>=11.1.4 <12.3.5>=13.0.0 <13.5.9>=14.0.0 <14.2.25>=15.0.0-rc.0 <15.2.3>=15.3.0-canary.0 <15.3.0-canary.12
M Allocation of Resources Without Limits or Throttling	>=13.0.0 <13.5.8>=14.0.0 <14.2.21>=15.0.0 <15.1.2
H Missing Authorization	>=9.5.5 <13.5.8>=14.0.0 <14.2.15>=15.0.0-canary.0 <15.0.0-canary.177
H Uncontrolled Recursion	>=10.0.0 <14.2.7>=15.0.0-canary.0 <15.0.0-canary.109
H Acceptance of Extraneous Untrusted Data With Trusted Data	>=13.5.1 <13.5.7>=14.0.0 <14.2.10
H Denial of Service (DoS)	>=13.4.0 <13.5.0
H Server-Side Request Forgery (SSRF)	>=13.4.0 <14.1.1
H HTTP Request Smuggling	>=13.4.0 <13.5.1
M Resource Exhaustion	<13.4.20-canary.13
H Remote Code Execution (RCE)	>=0.9.9 <5.0.1-canary.5
M Uncaught Exception	>=12.2.3 <12.2.4
M User Interface (UI) Misrepresentation of Critical Information	>=10.0.0 <12.1.0
M Denial of Service (DoS)	>=12.0.0 <12.0.9
H Denial of Service (DoS)	>=12.0.0 <12.0.5>=11.1.0 <11.1.3
M Cross-site Scripting (XSS)	>=10.0.0 <11.1.1
M Open Redirect	<11.1.0
M Open Redirect	>=9.5.0 <9.5.4
H Arbitrary File Read	<5.1.0
M Path Traversal	<9.3.2
M Cross-site Scripting (XSS)	>=7.0.0 <7.0.2
H Directory Traversal	<4.2.3
H Directory Traversal	<2.4.1
M Cross-site Scripting (XSS)	<2.4.3
H Directory Traversal	<2.4.1>=3.0.0-beta1 <3.0.0-beta7

Vulnerability

Vulnerable Version

Server-side Request Forgery (SSRF)

<14.2.32>=15.0.0 <15.4.2-canary.43>=15.4.3 <15.4.7

Use of Cache Containing Sensitive Information

<14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5

Missing Source Correlation of Multiple Independent Data

<14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5

HTTP Request Smuggling

>=15.0.4-canary.51 <15.1.8

Interpretation Conflict

>=15.3.0 <15.3.3

Missing Origin Validation in WebSockets

>=13.0.0 <14.2.30>=15.0.0-rc.0 <15.2.2

Race Condition

<14.2.24>=15.0.0 <15.1.6

Information Exposure

>=12.3.5 <12.3.6>=13.5.9 <13.5.10>=14.2.25 <14.2.26>=15.2.3 <15.2.4

Improper Authorization

>=11.1.4 <12.3.5>=13.0.0 <13.5.9>=14.0.0 <14.2.25>=15.0.0-rc.0 <15.2.3>=15.3.0-canary.0 <15.3.0-canary.12

Allocation of Resources Without Limits or Throttling

>=13.0.0 <13.5.8>=14.0.0 <14.2.21>=15.0.0 <15.1.2

Missing Authorization

>=9.5.5 <13.5.8>=14.0.0 <14.2.15>=15.0.0-canary.0 <15.0.0-canary.177

Uncontrolled Recursion

>=10.0.0 <14.2.7>=15.0.0-canary.0 <15.0.0-canary.109

Acceptance of Extraneous Untrusted Data With Trusted Data

>=13.5.1 <13.5.7>=14.0.0 <14.2.10

Denial of Service (DoS)

>=13.4.0 <13.5.0

Server-Side Request Forgery (SSRF)

>=13.4.0 <14.1.1

HTTP Request Smuggling

>=13.4.0 <13.5.1

Resource Exhaustion

<13.4.20-canary.13

Remote Code Execution (RCE)

>=0.9.9 <5.0.1-canary.5

Uncaught Exception

>=12.2.3 <12.2.4

User Interface (UI) Misrepresentation of Critical Information

>=10.0.0 <12.1.0

Denial of Service (DoS)

>=12.0.0 <12.0.9

Denial of Service (DoS)

>=12.0.0 <12.0.5>=11.1.0 <11.1.3

Cross-site Scripting (XSS)

>=10.0.0 <11.1.1

<11.1.0

>=9.5.0 <9.5.4

<5.1.0

<9.3.2

Cross-site Scripting (XSS)

>=7.0.0 <7.0.2

Directory Traversal

<4.2.3

Directory Traversal

<2.4.1

Cross-site Scripting (XSS)

<2.4.3

Directory Traversal

<2.4.1>=3.0.0-beta1 <3.0.0-beta7

Package versions

3439 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
16.0.2-canary.4	1 Nov, 2025	0 C 0 H 0 M 0 L
16.0.2-canary.3	31 Oct, 2025	0 C 0 H 0 M 0 L
16.0.2-canary.2	30 Oct, 2025	0 C 0 H 0 M 0 L
16.0.2-canary.1	29 Oct, 2025	0 C 0 H 0 M 0 L
16.0.2-canary.0	28 Oct, 2025	0 C 0 H 0 M 0 L
16.0.1	28 Oct, 2025	0 C 0 H 0 M 0 L
16.0.1-canary.6	28 Oct, 2025	0 C 0 H 0 M 0 L
16.0.1-canary.5	27 Oct, 2025	0 C 0 H 0 M 0 L
16.0.1-canary.4	27 Oct, 2025	0 C 0 H 0 M 0 L
16.0.1-canary.3	27 Oct, 2025	0 C 0 H 0 M 0 L

next vulnerabilities

The React Framework

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically

Package versions