- Notifications
You must be signed in to change notification settings - Fork30.1k
Security: vercel/next.js
Security Navigation
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Denial of Service with Server Components - Incomplete Fix Follow-UpGHSA-5j59-xgg2-r9c4 published
Dec 11, 2025 byfeedthejimHigh - Server Actions Source Code ExposureGHSA-w37m-7fhw-fmv9 published
Dec 11, 2025 byfeedthejimModerate - Denial of Service with Server ComponentsGHSA-mwv6-3258-q52c published
Dec 11, 2025 byfeedthejimHigh - RCE in React Server ComponentsGHSA-9qr9-h5gf-34mp published
Dec 3, 2025 byaaronbrown-vercelCritical - Improper Middleware Redirect Handling Leads to SSRFGHSA-4342-x723-ch2f published
Aug 29, 2025 byaaronbrown-vercelModerate - Content Injection for Image OptimizationGHSA-xv57-4mr9-wg8v published
Aug 29, 2025 byaaronbrown-vercelModerate - Cache Key Confusion for Image Optimization API RoutesGHSA-g5qg-72qw-gw5v published
Aug 29, 2025 byaaronbrown-vercelModerate - Cache poisoning due to omission of Vary headerGHSA-r2fc-ccr8-96c4 published
Jul 3, 2025 byztannerLow - DoS via cache poisoningGHSA-67rr-84xm-4c7r published
Jul 3, 2025 byztannerHigh - x-middleware-subrequest-id may be leaked to external hostsGHSA-223j-4rm8-mrmf published
Apr 2, 2025 byaaronbrown-vercelLow