VulnerableCode Package Details - pkg:npm/next@15.5.16

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5wd7-tyx3-8qgx	Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting	CVE-2026-44582 GHSA-vfv6-92ff-j949
VCID-6xdp-rz4p-7yg6	Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces	CVE-2026-44581 GHSA-ffhc-5mcf-pf4q
VCID-8yw2-detr-3fbv	Next.js vulnerable to cache poisoning in React Server Component responses	CVE-2026-44576 GHSA-wfc6-r584-vfw7
VCID-b9ar-1t6z-63dy	Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n	CVE-2026-44573 GHSA-36qx-fr4f-26g5
VCID-bjap-g93e-a7fj	Next.js's Middleware / Proxy redirects can be cache-poisoned	CVE-2026-44572 GHSA-3g8h-86w9-wvmq
VCID-e99q-bmqs-4fcy	Next.js has cross-site scripting in beforeInteractive scripts with untrusted input	CVE-2026-44580 GHSA-gx5p-jg67-6x7h
VCID-g8w6-qujv-dkdj	Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades	CVE-2026-44578 GHSA-c4j6-fc7j-m34r
VCID-grnz-75dr-zbb6	Next.js has a Denial of Service in the Image Optimization API	CVE-2026-44577 GHSA-h64f-5h5j-jqjh
VCID-hv3p-7mme-a7fe	Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components	CVE-2026-44579 GHSA-mg66-mrh9-m8jx
VCID-ud4r-dcsg-hkac	Next.js has a Middleware / Proxy bypass through dynamic route parameter injection	CVE-2026-44574 GHSA-492v-c6pp-mqqv
VCID-wq4q-a494-cbd3	Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes	CVE-2026-44575 GHSA-267c-6grr-h53f
VCID-xvnz-xwyq-kqdu	Next.js Vulnerable to Denial of Service with Server Components	GHSA-8h8q-6873-q5fj

Vulnerability

Summary

Aliases

VCID-5wd7-tyx3-8qgx

Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting

CVE-2026-44582
GHSA-vfv6-92ff-j949

VCID-6xdp-rz4p-7yg6

Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces

CVE-2026-44581
GHSA-ffhc-5mcf-pf4q

VCID-8yw2-detr-3fbv

Next.js vulnerable to cache poisoning in React Server Component responses

CVE-2026-44576
GHSA-wfc6-r584-vfw7

VCID-b9ar-1t6z-63dy

Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n

CVE-2026-44573
GHSA-36qx-fr4f-26g5

VCID-bjap-g93e-a7fj

Next.js's Middleware / Proxy redirects can be cache-poisoned

CVE-2026-44572
GHSA-3g8h-86w9-wvmq

VCID-e99q-bmqs-4fcy

Next.js has cross-site scripting in beforeInteractive scripts with untrusted input

CVE-2026-44580
GHSA-gx5p-jg67-6x7h

VCID-g8w6-qujv-dkdj

Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades

CVE-2026-44578
GHSA-c4j6-fc7j-m34r

VCID-grnz-75dr-zbb6

Next.js has a Denial of Service in the Image Optimization API

CVE-2026-44577
GHSA-h64f-5h5j-jqjh

VCID-hv3p-7mme-a7fe

Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components

CVE-2026-44579
GHSA-mg66-mrh9-m8jx

VCID-ud4r-dcsg-hkac

Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

CVE-2026-44574
GHSA-492v-c6pp-mqqv

VCID-wq4q-a494-cbd3

Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

CVE-2026-44575
GHSA-267c-6grr-h53f

VCID-xvnz-xwyq-kqdu

Next.js Vulnerable to Denial of Service with Server Components

GHSA-8h8q-6873-q5fj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-13T18:36:40.018482+00:00	GithubOSV Importer	Fixing	VCID-g8w6-qujv-dkdj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-c4j6-fc7j-m34r/GHSA-c4j6-fc7j-m34r.json	38.6.0
2026-05-13T18:36:37.278755+00:00	GithubOSV Importer	Fixing	VCID-ud4r-dcsg-hkac	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-492v-c6pp-mqqv/GHSA-492v-c6pp-mqqv.json	38.6.0
2026-05-13T18:36:37.067854+00:00	GithubOSV Importer	Fixing	VCID-hv3p-7mme-a7fe	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-mg66-mrh9-m8jx/GHSA-mg66-mrh9-m8jx.json	38.6.0
2026-05-13T18:36:35.852133+00:00	GithubOSV Importer	Fixing	VCID-b9ar-1t6z-63dy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-36qx-fr4f-26g5/GHSA-36qx-fr4f-26g5.json	38.6.0
2026-05-13T18:36:34.243640+00:00	GithubOSV Importer	Fixing	VCID-8yw2-detr-3fbv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-wfc6-r584-vfw7/GHSA-wfc6-r584-vfw7.json	38.6.0
2026-05-13T18:36:30.266807+00:00	GithubOSV Importer	Fixing	VCID-e99q-bmqs-4fcy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-gx5p-jg67-6x7h/GHSA-gx5p-jg67-6x7h.json	38.6.0
2026-05-13T18:36:29.330685+00:00	GithubOSV Importer	Fixing	VCID-wq4q-a494-cbd3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-267c-6grr-h53f/GHSA-267c-6grr-h53f.json	38.6.0
2026-05-13T18:36:29.041262+00:00	GithubOSV Importer	Fixing	VCID-5wd7-tyx3-8qgx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-vfv6-92ff-j949/GHSA-vfv6-92ff-j949.json	38.6.0
2026-05-13T18:36:28.241136+00:00	GithubOSV Importer	Fixing	VCID-bjap-g93e-a7fj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-3g8h-86w9-wvmq/GHSA-3g8h-86w9-wvmq.json	38.6.0
2026-05-13T18:36:27.887997+00:00	GithubOSV Importer	Fixing	VCID-6xdp-rz4p-7yg6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-ffhc-5mcf-pf4q/GHSA-ffhc-5mcf-pf4q.json	38.6.0
2026-05-13T18:36:21.716620+00:00	GithubOSV Importer	Fixing	VCID-grnz-75dr-zbb6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-h64f-5h5j-jqjh/GHSA-h64f-5h5j-jqjh.json	38.6.0
2026-05-13T18:36:20.343011+00:00	GithubOSV Importer	Fixing	VCID-xvnz-xwyq-kqdu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-8h8q-6873-q5fj/GHSA-8h8q-6873-q5fj.json	38.6.0
2026-05-12T18:39:03.686655+00:00	GHSA Importer	Fixing	VCID-bjap-g93e-a7fj	https://github.com/advisories/GHSA-3g8h-86w9-wvmq	38.6.0
2026-05-12T18:39:03.539309+00:00	GHSA Importer	Fixing	VCID-6xdp-rz4p-7yg6	https://github.com/advisories/GHSA-ffhc-5mcf-pf4q	38.6.0
2026-05-12T18:39:03.485666+00:00	GHSA Importer	Fixing	VCID-5wd7-tyx3-8qgx	https://github.com/advisories/GHSA-vfv6-92ff-j949	38.6.0
2026-05-12T18:39:03.450249+00:00	GHSA Importer	Fixing	VCID-e99q-bmqs-4fcy	https://github.com/advisories/GHSA-gx5p-jg67-6x7h	38.6.0
2026-05-12T18:39:03.416089+00:00	GHSA Importer	Fixing	VCID-hv3p-7mme-a7fe	https://github.com/advisories/GHSA-mg66-mrh9-m8jx	38.6.0
2026-05-12T18:39:03.378626+00:00	GHSA Importer	Fixing	VCID-grnz-75dr-zbb6	https://github.com/advisories/GHSA-h64f-5h5j-jqjh	38.6.0
2026-05-12T18:39:03.348739+00:00	GHSA Importer	Fixing	VCID-g8w6-qujv-dkdj	https://github.com/advisories/GHSA-c4j6-fc7j-m34r	38.6.0
2026-05-12T18:39:03.288520+00:00	GHSA Importer	Fixing	VCID-8yw2-detr-3fbv	https://github.com/advisories/GHSA-wfc6-r584-vfw7	38.6.0
2026-05-12T18:39:03.251437+00:00	GHSA Importer	Fixing	VCID-wq4q-a494-cbd3	https://github.com/advisories/GHSA-267c-6grr-h53f	38.6.0
2026-05-12T18:39:03.211612+00:00	GHSA Importer	Fixing	VCID-ud4r-dcsg-hkac	https://github.com/advisories/GHSA-492v-c6pp-mqqv	38.6.0
2026-05-12T18:39:03.161683+00:00	GHSA Importer	Fixing	VCID-b9ar-1t6z-63dy	https://github.com/advisories/GHSA-36qx-fr4f-26g5	38.6.0
2026-05-12T18:39:02.966848+00:00	GHSA Importer	Fixing	VCID-xvnz-xwyq-kqdu	https://github.com/advisories/GHSA-8h8q-6873-q5fj	38.6.0