next vulnerabilities

The React Framework

  • latest version

    15.5.2

  • latest non vulnerable version

  • first published

    14 years ago

  • latest version published

    11 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the next package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Server-side Request Forgery (SSRF)

    <14.2.32>=15.0.0 <15.4.2-canary.43>=15.4.3 <15.4.7
    • M
    Use of Cache Containing Sensitive Information

    <14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5
    • L
    Missing Source Correlation of Multiple Independent Data

    <14.2.31>=15.0.0 <15.4.2-canary.19>=15.4.3 <15.4.5
    • H
    HTTP Request Smuggling

    >=15.0.4-canary.51 <15.1.8
    • M
    Interpretation Conflict

    >=15.3.0 <15.3.3
    • L
    Missing Origin Validation in WebSockets

    >=13.0.0 <14.2.30>=15.0.0-rc.0 <15.2.2
    • M
    Race Condition

    <14.2.24>=15.0.0 <15.1.6
    • M
    Information Exposure

    >=12.3.5 <12.3.6>=13.5.9 <13.5.10>=14.2.25 <14.2.26>=15.2.3 <15.2.4
    • C
    Improper Authorization

    >=11.1.4 <12.3.5>=13.0.0 <13.5.9>=14.0.0 <14.2.25>=15.0.0-rc.0 <15.2.3>=15.3.0-canary.0 <15.3.0-canary.12
    • M
    Allocation of Resources Without Limits or Throttling

    >=13.0.0 <13.5.8>=14.0.0 <14.2.21>=15.0.0 <15.1.2
    • H
    Missing Authorization

    >=9.5.5 <13.5.8>=14.0.0 <14.2.15>=15.0.0-canary.0 <15.0.0-canary.177
    • H
    Uncontrolled Recursion

    >=10.0.0 <14.2.7>=15.0.0-canary.0 <15.0.0-canary.109
    • H
    Acceptance of Extraneous Untrusted Data With Trusted Data

    >=13.5.1 <13.5.7>=14.0.0 <14.2.10
    • H
    Denial of Service (DoS)

    >=13.4.0 <13.5.0
    • M
    Server-Side Request Forgery (SSRF)

    >=13.4.0 <14.1.1
    • H
    HTTP Request Smuggling

    >=13.4.0 <13.5.1
    • M
    Resource Exhaustion

    <13.4.20-canary.13
    • H
    Remote Code Execution (RCE)

    >=0.9.9 <5.0.1-canary.5
    • M
    Uncaught Exception

    >=12.2.3 <12.2.4
    • M
    User Interface (UI) Misrepresentation of Critical Information

    >=10.0.0 <12.1.0
    • M
    Denial of Service (DoS)

    >=12.0.0 <12.0.9
    • H
    Denial of Service (DoS)

    >=12.0.0 <12.0.5>=11.1.0 <11.1.3
    • M
    Cross-site Scripting (XSS)

    >=10.0.0 <11.1.1
    • M
    Open Redirect

    <11.1.0
    • M
    Open Redirect

    >=9.5.0 <9.5.4
    • H
    Arbitrary File Read

    <5.1.0
    • M
    Path Traversal

    <9.3.2
    • M
    Cross-site Scripting (XSS)

    >=7.0.0 <7.0.2
    • H
    Directory Traversal

    <4.2.3
    • H
    Directory Traversal

    <2.4.1
    • M
    Cross-site Scripting (XSS)

    <2.4.3
    • H
    Directory Traversal

    <2.4.1>=3.0.0-beta1 <3.0.0-beta7

    Package versions

    3333 VERSIONS IN TOTAL See all versions
    versionpublisheddirect vulnerabilities
    15.5.226 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.126 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.1-canary.316 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.1-canary.305 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.1-canary.295 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.1-canary.284 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.1-canary.274 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.1-canary.264 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.1-canary.253 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    15.5.1-canary.242 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L