Software Detail
Next.js
Number Of NVD: 21 (CRITICAL 0, HIGH 11, MEDIUM 9, LOW 1)
URL: https://nextjs.org/
Explanation: Next.js provides the best development environment with all the features you need for production, including hybrid static and server rendering, TypeScript support, smart bundles, route prefetching, and more. No configuration is required.

Translated and excerpted from [https://nextjs.org/]
Tag
  • MIT License
  • Javascript

Add Information URL
No Type Name URL
1 https://github.com/vercel/next.js/

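List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 11 | Next.js 14 | 14.3.0-canary.14 | April 21, 2024 | Oct. 26, 2023 | | | | | 0 | 3 | 4 | 1 |
| 12 | Next.js 13 | 13.5.11 | March 27, 2025 | Oct. 27, 2022 | | | | | 0 | 4 | 4 | 1 |
| 13 | Next.js 12 | 12.3.1 | Sept. 20, 2022 | Oct. 27, 2021 | | | | | 0 | 6 | 3 | 0 |
| 14 | Next.js 11 | 11.1.0 | Aug. 12, 2021 | June 23, 2021 | | | | | 0 | 4 | 3 | 0 |
| 15 | Next.js 10 | 10.0.7 | Feb. 19, 2021 | Oct. 28, 2020 | | | | | 0 | 3 | 3 | 0 |
| 16 | Next.js 9 | 9.5.5 | Oct. 10, 2020 | | | | | | 0 | 1 | 1 | 0 |
| 17 | Next.js 8 | 8.0.5 | | | | | | | 0 | 1 | 0 | 0 |
| 18 | Next.js 7 | 7.0.3 | | | | | | | 0 | 1 | 0 | 0 |
| 19 | Next.js 6 | 6.0.4 | | | | | | | 0 | 1 | 0 | 0 |
| 20 | Next.js 5 | 5.0.1 | | | | | | | 0 | 1 | 0 | 0 |
| 21 | Next.js 4 | 4.0.5 | | | | | | | 0 | 1 | 0 | 0 |
| 22 | Next.js 3 | 3.0.6 | | | | | | | 0 | 1 | 0 | 0 |
| 23 | Next.js 2 | 2.0.1 | | | | | | | 0 | 1 | 0 | 0 |
| 24 | Next.js 1 | 1.0.2 | | | | | | | 0 | 1 | 1 | 0 |
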
NVD Vulnerability Information
Fields: No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date

No: 11 | CVSS3: 7.5 | CVSS2: - | Level: HIGH | Attack Vector: Network
Title: Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based au…
CWE: CWE-863 Incorrect Authorization
CVE: CVE-2026-44573
cpe23Uri: cpe:2.3:a:vercel:next.js:*:*
Versions: 12.2.0 or higher, less than 15.5.16; 16.0.0 or higher, less than 16.2.5
Update date: 2026-05-14 21:24
Published date: 2026-05-14

No: 12 | CVSS3: 5.9 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send an x-nextjs-data header on a normal request to a path han…
CWE: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CVE: CVE-2026-44572
cpe23Uri: cpe:2.3:a:vercel:next.js:*:*
Versions: 12.2.0 or higher, less than 15.5.16; 16.0.0 or higher, less than 16.2.5
Update date: 2026-05-16 00:46
Published date: 2026-05-14

No: 13 | CVSS3: 7.5 | CVSS2: - | Level: HIGH | Attack Vector: Network
Title: Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a …
CWE: CWE-674 Uncontrolled Recursion
CVE: CVE-2024-47831
cpe23Uri: cpe:2.3:a:vercel:next.js:*:*
Versions: 10.0.0 or higher, less than 14.2.7
Update date: 2024-11-9 00:39
Published date: 2024-10-15

No: 14 | CVSS3: 7.5 | CVSS2: - | Level: HIGH | Attack Vector: Network
Title: Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via …
CWE: NVD-CWE-noinfo
CVE: CVE-2023-46298
cpe23Uri: cpe:2.3:a:vercel:next.js:13.4.20:canary9, cpe:2.3:a:vercel:next.js:13.4.20:canary8, cpe:2.3:a:vercel:next.js:13.4.2…
Versions: 13.4.20
Update date: 2024-11-21 17:28
Published date: 2023-10-22

No: 15 | CVSS3: 5.3 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v…
CWE: CWE-754 Improper Check for Unusual or Exceptional Conditions
CVE: CVE-2022-36046
cpe23Uri: cpe:2.3:a:vercel:next.js:12.2.3:*
Update date: 2024-11-21 16:12
Published date: 2022-09-1

No: 16 | CVSS3: 7.5 | CVSS2: 4.3 | Level: HIGH | Attack Vector: Network
Title: Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected…
CWE: -
CVE: CVE-2022-23646
cpe23Uri: cpe:2.3:a:vercel:next.js:*:*
Versions: 10.0.0 or higher, less than 12.1.0
Update date: 2024-11-21 15:49
Published date: 2022-02-18

No: 17 | CVSS3: 7.5 | CVSS2: 4.3 | Level: HIGH | Attack Vector: Network
Title: Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionali…
CWE: NVD-CWE-noinfo
CVE: CVE-2022-21721
cpe23Uri: cpe:2.3:a:vercel:next.js:*:*
Versions: 12.0.0 or higher, less than 12.0.9
Update date: 2024-11-21 15:45
Published date: 2022-01-29

No: 18 | CVSS3: 7.5 | CVSS2: 4.3 | Level: HIGH | Attack Vector: Network
Title: Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use …
CWE: NVD-CWE-noinfo
CVE: CVE-2021-43803
cpe23Uri: cpe:2.3:a:vercel:next.js:*:*
Versions: 11.1.0 or higher, less than 11.1.3; 12.0.0 or higher, less than 12.0.5
Update date: 2024-11-21 15:29
Published date: 2021-12-10

No: 19 | CVSS3: 6.1 | CVSS2: 4.3 | Level: MEDIUM | Attack Vector: Network
Title: Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.confi…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2021-39178
cpe23Uri: cpe:2.3:a:vercel:next.js:*:*
Versions: 10.0.0, 11.1.1
Update date: 2024-11-21 15:18
Published date: 2021-08-31

No: 20 | CVSS3: 6.1 | CVSS2: 5.8 | Level: MEDIUM | Attack Vector: Network
Title: Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated all…
CWE: CWE-601 Open Redirect
CVE: CVE-2021-37699
cpe23Uri: cpe:2.3:a:vercel:next.js:*:*
Versions: 11.0.0 or higher, 11.0.1 or less; 10.0.5 or higher, 10.2.0 or less
Update date: 2024-11-21 15:15
Published date: 2021-08-12