Description
What is the documentation issue?
Hi,
I had reported the following below to responsible.disclosure@vercel.com more than a month ago but never received an answer / action, so I am trying it here as well, because this is not really a new vulnerability report but an update to existing advisories. If this is not the correct place, feel free to close again and push this topic to the responsible team again.
Is there any context that might help us understand?
Example 1
This is addressing the following advisories
It seems the following at the top of the GitHub advisory:
Affected versions: >15.0.4 and <15.2.0
Patched versions: ≤15.0.4 and ≥15.2.0
doesn't match the other existing info on both URLs:
It impacted versions >=15.1.0 <15.1.8
Example 2
Furthermore the following advisory:
includes the following at the top:
Affected versions
>11.1.4
>14.0
>15.0
but when reading external sources like e.g. https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware correctly:
starting with version 11.1.4 were vulnerable
these probably should be:
>=11.1.4
>=14.0
>=15.0
similar to the existing ">= 13.0.0" instead.
Example 3
Finally the following advisory:
currently only includes single versions like "12.3.5" in the "Affected versions" section. Are really only these single versions affected, or should these be e.g. "<= 12.3.5"?
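The three examples above all come down to how a version range is evaluated at its boundaries. As an added illustration (this is not code from the issue author, from Vercel, or from the Next.js project), the following Python implements a small node-semver-style comparator checker and runs the issue's own ranges through it. It assumes the advisory ranges follow node-semver comparator semantics (space-separated comparators are ANDed, a bare version means exactly that version); it deliberately supports only the `>`, `>=`, `<`, `<=`, `=` operators on dotted numeric versions, with no prerelease tags, `^`/`~` shorthands or `||` alternation. The version lists below are constructed for the example, not taken from any advisory.

```python
"""Evaluate advisory version ranges at their boundaries (added example)."""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]
Comparator = Tuple[str, Version]

# One node-semver style comparator: optional operator, then a dotted version.
_COMPARATOR = re.compile(r"(>=|<=|>|<|=)?\s*v?(\d+(?:\.\d+)*)")

_OPS = {
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    "=": lambda a, b: a == b,
}


def parse_version(text: str) -> Version:
    """'15.1.8' -> (15, 1, 8); short forms such as '14.0' are padded to (14, 0, 0)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def parse_range(text: str) -> List[Comparator]:
    """'>=15.1.0 <15.1.8' -> [('>=', (15, 1, 0)), ('<', (15, 1, 8))].

    All comparators in one string are ANDed (node-semver semantics, assumed here).
    A bare version such as '12.3.5' is treated as '=12.3.5', i.e. only that release.
    The Unicode forms used in some advisories are normalised first.
    """
    text = text.replace("\u2265", ">=").replace("\u2264", "<=")
    comparators = [(op or "=", parse_version(ver)) for op, ver in _COMPARATOR.findall(text)]
    if not comparators:
        raise ValueError(f"no comparators found in range: {text!r}")
    return comparators


def satisfies(version: str, range_text: str) -> bool:
    """True if `version` lies inside `range_text`."""
    v = parse_version(version)
    return all(_OPS[op](v, bound) for op, bound in parse_range(range_text))


def disagreements(versions: List[str], range_a: str, range_b: str) -> List[str]:
    """Versions on which two statements of the 'same' affected range disagree.

    This is the check a reviewer wants when an advisory header and its body
    give different ranges: the result is exactly the set of releases whose
    affected status depends on which statement you believe.
    """
    return [v for v in versions if satisfies(v, range_a) != satisfies(v, range_b)]


def issue_examples() -> Dict[str, bool]:
    """The boundary cases raised in the three examples, evaluated mechanically."""
    return {
        # Example 2: '>' excludes the first vulnerable release, '>=' includes it.
        "11.1.4 in >11.1.4": satisfies("11.1.4", ">11.1.4"),
        "11.1.4 in >=11.1.4": satisfies("11.1.4", ">=11.1.4"),
        # Example 3: a bare version matches only itself.
        "12.3.4 in 12.3.5": satisfies("12.3.4", "12.3.5"),
        "12.3.4 in <=12.3.5": satisfies("12.3.4", "<=12.3.5"),
    }


if __name__ == "__main__":
    for label, result in issue_examples().items():
        print(f"{label}: {result}")
    # Example 1: constructed list of releases around the two stated ranges.
    releases = ["15.0.4", "15.0.5", "15.1.0", "15.1.7", "15.1.8", "15.2.0"]
    print("header vs body disagree on:",
          disagreements(releases, ">15.0.4 <15.2.0", ">=15.1.0 <15.1.8"))
```

Running it shows the point of each example: `11.1.4` is outside `>11.1.4` but inside `>=11.1.4`; `12.3.4` is outside a bare `12.3.5` but inside `<=12.3.5`; and for the first advisory the header range `>15.0.4 <15.2.0` and the body range `>=15.1.0 <15.1.8` disagree on `15.0.5` and `15.1.8`, which is why a reader cannot tell from the page alone whether those releases are affected.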