Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/72940?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/72940?format=api", "purl": "pkg:npm/next@14.2.34", "type": "npm", "namespace": "", "name": "next", "version": "14.2.34", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "14.2.35", "latest_non_vulnerable_version": "16.1.5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49418?format=api", "vulnerability_id": "VCID-3ruh-95mg-wybh", "summary": "Next Vulnerable to Denial of Service with Server Components\nA vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.", "references": [ { "reference_url": "https://github.com/vercel/next.js", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vercel/next.js" }, { "reference_url": "https://nextjs.org/blog/security-update-2025-12-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nextjs.org/blog/security-update-2025-12-11" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2025-55184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cve.org/CVERecord?id=CVE-2025-55184" }, { "reference_url": "https://github.com/advisories/GHSA-mwv6-3258-q52c", "reference_id": "GHSA-mwv6-3258-q52c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mwv6-3258-q52c" }, { "reference_url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c", "reference_id": "GHSA-mwv6-3258-q52c", "reference_type": "", "scores": [], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72940?format=api", "purl": "pkg:npm/next@14.2.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@14.2.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/72927?format=api", "purl": "pkg:npm/next@15.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@15.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/72928?format=api", "purl": "pkg:npm/next@15.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@15.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/72929?format=api", "purl": "pkg:npm/next@15.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@15.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/72930?format=api", "purl": "pkg:npm/next@15.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/72931?format=api", "purl": "pkg:npm/next@15.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@15.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/72932?format=api", "purl": "pkg:npm/next@15.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@15.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/72933?format=api", "purl": "pkg:npm/next@15.6.0-canary.59", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@15.6.0-canary.59" }, { "url": "http://public2.vulnerablecode.io/api/packages/72934?format=api", "purl": "pkg:npm/next@16.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@16.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/72935?format=api", "purl": "pkg:npm/next@16.1.0-canary.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38m6-9vq5-a7a7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@16.1.0-canary.17" } ], "aliases": [ "GHSA-mwv6-3258-q52c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ruh-95mg-wybh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/next@14.2.34" }