Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm next Security Advisories

Moderate

GSA_kwCzR0hTQS13ZmY0LWZwd2ctcXF2M84AAui2

Unexpected server crash in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: 9 months ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2ajgtM3YyaC1oMzh2

Remote Code Execution in next
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS13cjY2LXZyd20tNWc1eM0nOg

Denial of Service Vulnerability in next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1NnAtYzhjZy1xNDM1

Open Redirect in Next.js versions
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS1mbXZtLXg4bXYtNDdtas0s0Q

Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OTYtbW0yZy1jOG03

Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: over 4 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmNWMtNHF4ai12bXBm

High severity vulnerability that affects next
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: over 5 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNHgtd2dyaC1nODk3

Directory traversal vulnerability in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: over 5 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxNzctN3A3ci04M3Jq

Directory Traversal in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: about 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjUtd3h3cC1tN2c5

Open Redirect in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0yNW1wLWc2ZnYtbXF4eM0ZPg

Unexpected server crash in Next.js.
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: over 1 year ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncjMtNzg5Ny1wcDdt

XSS in Image Optimization API for Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: almost 2 years ago

Filter by Severity

Moderate 5,143 High 4,556 Critical 2,098 Low 676

Filter by Ecosystem

maven 3,859 npm 3,126 pypi 2,605 packagist 1,696 go 1,241 nuget 939 rubygems 710 cargo 640 hex 21 actions 10 pub 5

Filter by Package

parse-server 24 electron 19 sequelize 17 @openzeppelin/contracts-upgradeable 16 marked 16 @openzeppelin/contracts 15 swagger-ui 14 strapi 14 handlebars 13 next 12 vm2 10 ghost 10 angular 10 ckeditor4 10 tinymce 10 directus 9 jquery 9 validator 9 serve 9 nodebb 8 url-parse 8 matrix-js-sdk 8 urijs 8 steal 8 jquery-ui 8 next-auth 8 npm 8 node-forge 8 editor.md 8 tar 7 total.js 7 systeminformation 7 jsrsasign 7 keystone 7 snyk-broker 7 hapi 7 bootstrap 7 hermes-engine 7 jQuery 7 undici 7 lodash 7 express-cart 6 parse-url 6 joplin 6 @strapi/strapi 6 safe-eval 6 aaptjs 6 matrix-react-sdk 6 shescape 5 ua-parser-js 5 rendertron 5 dojo 5 dns-sync 5 ecstatic 5 safer-eval 5 moment 5 qs 5 public 5 @sequelize/core 5 jsonwebtoken 5 lodash-es 5 prismjs 5 sanitize-html 5 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 simple-git 4 rsshub 4 simple-markdown 4 glance 4 sweetalert2 4 engine.io 4 matrix-appservice-irc 4 yarn 4 hummus 4 muhammara 4 nocodb 4 apostrophe 4 generator-jhipster 4 valine 4 highcharts 4 is-my-json-valid 4 mermaid 4 auth0-js 4 vditor 4 xmldom 4 materialize-css 4 ejs 4 tinymce/tinymce 4 TinyMCE 4 realms-shim 4 fastify 4 xlsx 4 ws 4 openpgp 4 remarkable 4 vega 4 auth0-lock 4 xdLocalStorage 3 jwt-simple 3 @strapi/plugin-users-permissions 3 mixme 3 static-eval 3 nadesiko3 3 jspdf 3 bson 3 immer 3 jointjs 3 axios 3 ftp-srv 3 aedes 3 subtext 3 @hapi/subtext 3 bin-links 3 node-red-dashboard 3 node-fetch 3 mongoose 3 lodash.merge 3 apollo-server 3 harp 3 minimist 3 dompurify 3 node-opcua 3 apollo-server-core 3 raneto 3 protobufjs 3 hekto 3 object-path 3 jquery-validation 3 json-pointer 3 @uppy/companion 3 slpjs 3 froala-editor 3 convert-svg-core 3 yapi-vendor 3 node-ipc 3 grunt 3 code-server 3 mathjs 3 keycloak-connect 3 send 3 notevil 3 sails 3 feathers-sequelize 3 json-ptr 3 mongo-express 3 convict 3 @backstage/plugin-scaffolder-backend 3 socket.io-parser 3 loader-utils 3 org.webjars.npm:xlsx 3 simplehttpserver 3 socket.io-file 3 locutus 3 @backstage/techdocs-common 3 n8n 3 codecov 3 @ckeditor/ckeditor5-markdown-gfm 3 uap-core 3 @commercial/subtext 3 parsel 3 http-live-simulator 3 lodash.mergewith 3 lodash.defaultsdeep 3 buttle 3 serialize-to-js 3 m-server 3 slp-validate 3 dojox 3 https-proxy-agent 3 ids-enterprise 3 localhost-now 3 js-yaml 3 uglify-js 3 macaddress 2 node-rules 2 lazysizes 2 decal 2 http-proxy-agent 2 waterline-sequel 2 @claviska/jquery-minicolors 2 whereis 2 merge 2 fastify-static 2 canvas 2 sshpk 2 jsuites 2 docsify 2 @node-red/runtime 2 node-jose 2 nunjucks 2 sockjs 2 papaparse 2 highlight.js 2 electron-markdownify 2 async-git 2 multi-ini 2 request 2 braces 2 @hapi/hoek 2 isolated-vm 2 netmask 2 ses 2 saml2-js 2 yeoman-genrator 2 json-serializer 2 ibm_db 2 node-saml 2 quill 2 debug 2 snyk 2 set-in 2 loopback 2 defaults-deep 2 elliptic 2 eslint-config-eslint 2 @fastify/passport 2 flatmap-stream 2 angular-expressions 2 minimatch 2 dotty 2 fs-path 2 jose-node-esm-runtime 2 jose 2 jose-node-cjs-runtime 2 jose-browser-runtime 2 google-closure-library 2 knockout 2 moment-timezone 2 vite 2 @actions/core 2 constantinople 2 list-n-stream 2 tough-cookie 2 node-simple-router 2 renovate 2 @finastra/nestjs-proxy 2 mysql 2 @builder.io/qwik 2 tomato 2 jQuery.Validation 2 serialize-javascript 2 serve-lite 2 bootstrap-table 2 pullit 2 node-static 2 blamer 2 payload 2 deep-get-set 2 deap 2 detect-character-encoding 2 querymen 2 fast-string-search 2 crud-file-server 2 dot 2 set-value 2 giting 2 jpeg-js 2 semver-regex 2 ungit 2 mout 2 @keystone-6/core 2 @xmldom/xmldom 2 sds 2 shell-quote 2 fastify-csrf 2 node-sass 2 html-janitor 2 mapbox-rails 2 mapbox.js 2 @npmcli/arborist 2 jszip 2 ms 2 madlib-object-utils 2 express-openid-connect 2 css-what 2 passport-saml 2 bodymen 2 rgb2hex 2 libnested 2 acorn 2 connect 2 assign-deep 2 merge-deep 2 status-board 2 http-file-server 2 jquery-rails 2 typeorm 2 jquery.terminal 2 angular-http-server 2 @cubejs-backend/api-gateway 2 mqtt-packet 2 bootstrap-sass 2 bootstrap 2 st 2 i18next 2 mustache 2 ssri 2 http-proxy 2 express-fileupload 2