Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/next@15.5.15
Typenpm
Namespace
Namenext
Version15.5.15
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version16.1.7
Latest_non_vulnerable_version16.2.3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-asd4-96ec-vqav
vulnerability_id VCID-asd4-96ec-vqav
summary 
Next.js has a Denial of Service with Server Components
A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).

A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.
references
0
reference_url https://github.com/vercel/next.js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vercel/next.js
1
reference_url https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3
2
reference_url https://vercel.com/changelog/summary-of-cve-2026-23869
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vercel.com/changelog/summary-of-cve-2026-23869
3
reference_url https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
reference_id GHSA-q4gf-8mx6-v5v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
fixed_packages
0
url pkg:npm/next@15.5.15
purl pkg:npm/next@15.5.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.5.15
1
url pkg:npm/next@16.2.3
purl pkg:npm/next@16.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@16.2.3
aliases GHSA-q4gf-8mx6-v5v3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-asd4-96ec-vqav
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/next@15.5.15