Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/next@15.0.8
Typenpm
Namespace
Namenext
Version15.0.8
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version15.1.9
Latest_non_vulnerable_version16.1.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3rx6-y94b-27ep
vulnerability_id VCID-3rx6-y94b-27ep
summary 
Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).

A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.
references
0
reference_url https://github.com/vercel/next.js
reference_id
reference_type
scores
url https://github.com/vercel/next.js
1
reference_url https://vercel.com/changelog/summary-of-cve-2026-23864
reference_id
reference_type
scores
url https://vercel.com/changelog/summary-of-cve-2026-23864
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23864
reference_id CVE-2026-23864
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-23864
3
reference_url https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
reference_id GHSA-83fc-fqcc-2hmg
reference_type
scores
url https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
4
reference_url https://github.com/advisories/GHSA-h25m-26qc-wcjf
reference_id GHSA-h25m-26qc-wcjf
reference_type
scores
url https://github.com/advisories/GHSA-h25m-26qc-wcjf
5
reference_url https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf
reference_id GHSA-h25m-26qc-wcjf
reference_type
scores
url https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf
fixed_packages
0
url pkg:npm/next@15.0.8
purl pkg:npm/next@15.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.0.8
1
url pkg:npm/next@15.1.12
purl pkg:npm/next@15.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.1.12
2
url pkg:npm/next@15.2.9
purl pkg:npm/next@15.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.2.9
3
url pkg:npm/next@15.3.9
purl pkg:npm/next@15.3.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.9
4
url pkg:npm/next@15.4.11
purl pkg:npm/next@15.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.4.11
5
url pkg:npm/next@15.5.10
purl pkg:npm/next@15.5.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.5.10
6
url pkg:npm/next@15.6.0-canary.61
purl pkg:npm/next@15.6.0-canary.61
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.6.0-canary.61
7
url pkg:npm/next@16.0.11
purl pkg:npm/next@16.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@16.0.11
8
url pkg:npm/next@16.1.5
purl pkg:npm/next@16.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@16.1.5
aliases GHSA-h25m-26qc-wcjf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3rx6-y94b-27ep
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/next@15.0.8