Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/next@16.2.1-canary.9
Typenpm
Namespace
Namenext
Version16.2.1-canary.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version16.2.3
Latest_non_vulnerable_version16.2.6
Affected_by_vulnerabilities
0
url VCID-kxdb-aa4z-qqbu
vulnerability_id VCID-kxdb-aa4z-qqbu
summary 
Next.js has a Denial of Service with Server Components
A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).

A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.
references
0
reference_url https://github.com/vercel/next.js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vercel/next.js
1
reference_url https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3
2
reference_url https://vercel.com/changelog/summary-of-cve-2026-23869
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vercel.com/changelog/summary-of-cve-2026-23869
3
reference_url https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
reference_id GHSA-q4gf-8mx6-v5v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
fixed_packages
0
url pkg:npm/next@16.2.3
purl pkg:npm/next@16.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@16.2.3
aliases GHSA-q4gf-8mx6-v5v3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxdb-aa4z-qqbu
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/next@16.2.1-canary.9