{"url":"http://public2.vulnerablecode.io/api/packages/274584?format=json","purl":"pkg:npm/next@9.5.4-canary.25","type":"npm","namespace":"","name":"next","version":"9.5.4-canary.25","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"15.5.15","latest_non_vulnerable_version":"16.2.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58033?format=json","vulnerability_id":"VCID-471k-npa7-wqhx","summary":"Next.js Content Injection Vulnerability for Image Optimization\nA vulnerability in **Next.js Image Optimization** has been fixed in **v15.4.5** and **v14.2.31**. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery.\n\nAll users relying on `images.domains` or `images.remotePatterns` are encouraged to upgrade and verify that external image sources are strictly validated.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-55173)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55173.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55173.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55173","reference_id":"","reference_type":"","scores":[{"value":"0.00687","scoring_system":"epss","scoring_elements":"0.72144","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00687","scoring_system":"epss","scoring_elements":"0.72159","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00687","scoring_system":"epss","scoring_elements":"0.72165","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55173"},{"reference_url":"https://github.com/vercel/next.js","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js"},{"reference_url":"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T19:22:48Z/"}],"url":"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd"},{"reference_url":"http://vercel.com/changelog/cve-2025-55173","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://vercel.com/changelog/cve-2025-55173"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392059","reference_id":"2392059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392059"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55173","reference_id":"CVE-2025-55173","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55173"},{"reference_url":"https://vercel.com/changelog/cve-2025-55173","reference_id":"CVE-2025-55173","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T19:22:48Z/"}],"url":"https://vercel.com/changelog/cve-2025-55173"},{"reference_url":"https://github.com/advisories/GHSA-xv57-4mr9-wg8v","reference_id":"GHSA-xv57-4mr9-wg8v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xv57-4mr9-wg8v"},{"reference_url":"https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v","reference_id":"GHSA-xv57-4mr9-wg8v","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T19:22:48Z/"}],"url":"https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86332?format=json","purl":"pkg:npm/next@14.2.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38m6-9vq5-a7a7"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@14.2.31"},{"url":"http://public2.vulnerablecode.io/api/packages/86333?format=json","purl":"pkg:npm/next@15.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2q2t-61xt-u3ax"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-k1q6-b8t3-hqb6"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@15.4.5"}],"aliases":["CVE-2025-55173","GHSA-xv57-4mr9-wg8v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-471k-npa7-wqhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58037?format=json","vulnerability_id":"VCID-5c7e-4dkw-63fg","summary":"Next.js Improper Middleware Redirect Handling Leads to SSRF\nA vulnerability in **Next.js Middleware** has been fixed in **v14.2.32** and **v15.4.7**. The issue occurred when request headers were directly passed into `NextResponse.next()`. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.\n\nAll users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the `next()` function.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57822","reference_id":"","reference_type":"","scores":[{"value":"0.07815","scoring_system":"epss","scoring_elements":"0.92134","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07815","scoring_system":"epss","scoring_elements":"0.92135","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07815","scoring_system":"epss","scoring_elements":"0.92137","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57822"},{"reference_url":"https://github.com/vercel/next.js","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js"},{"reference_url":"https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T17:26:15Z/"}],"url":"https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57822","reference_id":"CVE-2025-57822","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57822"},{"reference_url":"https://vercel.com/changelog/cve-2025-57822","reference_id":"CVE-2025-57822","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T17:26:15Z/"}],"url":"https://vercel.com/changelog/cve-2025-57822"},{"reference_url":"https://github.com/advisories/GHSA-4342-x723-ch2f","reference_id":"GHSA-4342-x723-ch2f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4342-x723-ch2f"},{"reference_url":"https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f","reference_id":"GHSA-4342-x723-ch2f","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T17:26:15Z/"}],"url":"https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86341?format=json","purl":"pkg:npm/next@14.2.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38m6-9vq5-a7a7"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@14.2.32"},{"url":"http://public2.vulnerablecode.io/api/packages/86342?format=json","purl":"pkg:npm/next@15.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2q2t-61xt-u3ax"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-k1q6-b8t3-hqb6"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@15.4.7"}],"aliases":["CVE-2025-57822","GHSA-4342-x723-ch2f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5c7e-4dkw-63fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53701?format=json","vulnerability_id":"VCID-ana8-q3x4-euhq","summary":"URL Redirection to Untrusted Site (Open Redirect)\nNext.js is vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attackers domain from a trusted domain.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15242","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.4366","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43716","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.4374","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43731","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15242"},{"reference_url":"https://github.com/vercel/next.js","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js"},{"reference_url":"https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435"},{"reference_url":"https://github.com/zeit/next.js/releases/tag/v9.5.4","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zeit/next.js/releases/tag/v9.5.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15242","reference_id":"CVE-2020-15242","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15242"},{"reference_url":"https://github.com/advisories/GHSA-x56p-c8cg-q435","reference_id":"GHSA-x56p-c8cg-q435","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x56p-c8cg-q435"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78924?format=json","purl":"pkg:npm/next@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-471k-npa7-wqhx"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-cqhe-wty9-5qec"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-gw2b-uwg6-sba6"},{"vulnerability":"VCID-qkfv-k941-7uh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@9.5.4"}],"aliases":["CVE-2020-15242","GHSA-x56p-c8cg-q435"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ana8-q3x4-euhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58029?format=json","vulnerability_id":"VCID-cqhe-wty9-5qec","summary":"Next.js Affected by Cache Key Confusion for Image Optimization API Routes\nA vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers (such as `Cookie` or `Authorization`), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug.\n\nAll users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.\n\nMore details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57752)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57752.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57752","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34442","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34462","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34478","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57752"},{"reference_url":"https://github.com/vercel/next.js","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js"},{"reference_url":"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T19:23:30Z/"}],"url":"https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd"},{"reference_url":"https://github.com/vercel/next.js/pull/82114","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T19:23:30Z/"}],"url":"https://github.com/vercel/next.js/pull/82114"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392060","reference_id":"2392060","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57752","reference_id":"CVE-2025-57752","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57752"},{"reference_url":"https://vercel.com/changelog/cve-2025-57752","reference_id":"CVE-2025-57752","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T19:23:30Z/"}],"url":"https://vercel.com/changelog/cve-2025-57752"},{"reference_url":"https://github.com/advisories/GHSA-g5qg-72qw-gw5v","reference_id":"GHSA-g5qg-72qw-gw5v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g5qg-72qw-gw5v"},{"reference_url":"https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v","reference_id":"GHSA-g5qg-72qw-gw5v","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-02T19:23:30Z/"}],"url":"https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86332?format=json","purl":"pkg:npm/next@14.2.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38m6-9vq5-a7a7"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@14.2.31"},{"url":"http://public2.vulnerablecode.io/api/packages/86333?format=json","purl":"pkg:npm/next@15.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2q2t-61xt-u3ax"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-k1q6-b8t3-hqb6"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@15.4.5"}],"aliases":["CVE-2025-57752","GHSA-g5qg-72qw-gw5v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqhe-wty9-5qec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64820?format=json","vulnerability_id":"VCID-ffry-2c7p-vyhp","summary":"next.js: Next.js: HTTP request smuggling in rewrites","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29057.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29057.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29057","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09382","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09377","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09397","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29057"},{"reference_url":"https://github.com/vercel/next.js","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js"},{"reference_url":"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:47:14Z/"}],"url":"https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6"},{"reference_url":"https://github.com/vercel/next.js/releases/tag/v15.5.13","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:47:14Z/"}],"url":"https://github.com/vercel/next.js/releases/tag/v15.5.13"},{"reference_url":"https://github.com/vercel/next.js/releases/tag/v16.1.7","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:47:14Z/"}],"url":"https://github.com/vercel/next.js/releases/tag/v16.1.7"},{"reference_url":"https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:47:14Z/"}],"url":"https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29057","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448515","reference_id":"2448515","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448515"},{"reference_url":"https://github.com/advisories/GHSA-ggv3-7p47-pfv8","reference_id":"GHSA-ggv3-7p47-pfv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ggv3-7p47-pfv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113466?format=json","purl":"pkg:npm/next@15.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@15.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/113169?format=json","purl":"pkg:npm/next@16.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kxdb-aa4z-qqbu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@16.1.7"}],"aliases":["CVE-2026-29057","GHSA-ggv3-7p47-pfv8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffry-2c7p-vyhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46252?format=json","vulnerability_id":"VCID-gw2b-uwg6-sba6","summary":"Next.js missing cache-control header may lead to CDN caching empty reply\nNext.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46298","reference_id":"","reference_type":"","scores":[{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59357","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59352","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59361","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46298"},{"reference_url":"https://github.com/vercel/next.js","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js"},{"reference_url":"https://github.com/vercel/next.js/commit/20d05958ff853e9c9e42139ffec294336881c648","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js/commit/20d05958ff853e9c9e42139ffec294336881c648"},{"reference_url":"https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:50:22Z/"}],"url":"https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13"},{"reference_url":"https://github.com/vercel/next.js/issues/45301","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:50:22Z/"}],"url":"https://github.com/vercel/next.js/issues/45301"},{"reference_url":"https://github.com/vercel/next.js/pull/54732","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:50:22Z/"}],"url":"https://github.com/vercel/next.js/pull/54732"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46298","reference_id":"CVE-2023-46298","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46298"},{"reference_url":"https://github.com/advisories/GHSA-c59h-r6p8-q9wc","reference_id":"GHSA-c59h-r6p8-q9wc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c59h-r6p8-q9wc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67440?format=json","purl":"pkg:npm/next@13.4.20-canary.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16tt-tr4a-9fdx"},{"vulnerability":"VCID-38m6-9vq5-a7a7"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-471k-npa7-wqhx"},{"vulnerability":"VCID-4wd3-rj51-ykdx"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-cqhe-wty9-5qec"},{"vulnerability":"VCID-dd36-8ju8-gqej"},{"vulnerability":"VCID-dwdu-j3tf-tyav"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-gw2b-uwg6-sba6"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-pmah-ugvq-jqbs"},{"vulnerability":"VCID-qkfv-k941-7uh9"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"},{"vulnerability":"VCID-wb5m-12ur-rqhh"},{"vulnerability":"VCID-x36h-yutm-dkcr"},{"vulnerability":"VCID-zq9q-e5g1-dffr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@13.4.20-canary.0"},{"url":"http://public2.vulnerablecode.io/api/packages/134221?format=json","purl":"pkg:npm/next@13.4.20-canary.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16tt-tr4a-9fdx"},{"vulnerability":"VCID-38m6-9vq5-a7a7"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-471k-npa7-wqhx"},{"vulnerability":"VCID-4wd3-rj51-ykdx"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-cqhe-wty9-5qec"},{"vulnerability":"VCID-dd36-8ju8-gqej"},{"vulnerability":"VCID-dwdu-j3tf-tyav"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-gw2b-uwg6-sba6"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-pmah-ugvq-jqbs"},{"vulnerability":"VCID-qkfv-k941-7uh9"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"},{"vulnerability":"VCID-wb5m-12ur-rqhh"},{"vulnerability":"VCID-x36h-yutm-dkcr"},{"vulnerability":"VCID-zq9q-e5g1-dffr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@13.4.20-canary.13"},{"url":"http://public2.vulnerablecode.io/api/packages/82132?format=json","purl":"pkg:npm/next@13.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16tt-tr4a-9fdx"},{"vulnerability":"VCID-38m6-9vq5-a7a7"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-471k-npa7-wqhx"},{"vulnerability":"VCID-4wd3-rj51-ykdx"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-cqhe-wty9-5qec"},{"vulnerability":"VCID-dd36-8ju8-gqej"},{"vulnerability":"VCID-dwdu-j3tf-tyav"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-pmah-ugvq-jqbs"},{"vulnerability":"VCID-qkfv-k941-7uh9"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"},{"vulnerability":"VCID-wb5m-12ur-rqhh"},{"vulnerability":"VCID-x36h-yutm-dkcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@13.5.0"}],"aliases":["CVE-2023-46298","GHSA-c59h-r6p8-q9wc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gw2b-uwg6-sba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57299?format=json","vulnerability_id":"VCID-qkfv-k941-7uh9","summary":"Next.js Race Condition to Cache Poisoning\n**Summary**\nWe received a responsible disclosure from Allam Rachid (zhero) for a low-severity race-condition vulnerability in Next.js. This issue only affects the **Pages Router** under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML.\n\n[Learn more here](https://vercel.com/changelog/cve-2025-32421)\n\n**Credit**\nThank you to **Allam Rachid (zhero)** for the responsible disclosure. This research was rewarded as part of our bug bounty program.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32421.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32421","reference_id":"","reference_type":"","scores":[{"value":"0.00752","scoring_system":"epss","scoring_elements":"0.73569","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00752","scoring_system":"epss","scoring_elements":"0.73578","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00752","scoring_system":"epss","scoring_elements":"0.73582","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32421"},{"reference_url":"https://github.com/vercel/next.js","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vercel/next.js"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2366366","reference_id":"2366366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2366366"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32421","reference_id":"CVE-2025-32421","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32421"},{"reference_url":"https://vercel.com/changelog/cve-2025-32421","reference_id":"CVE-2025-32421","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:40:39Z/"}],"url":"https://vercel.com/changelog/cve-2025-32421"},{"reference_url":"https://github.com/advisories/GHSA-qpjv-v59x-3qc4","reference_id":"GHSA-qpjv-v59x-3qc4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qpjv-v59x-3qc4"},{"reference_url":"https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4","reference_id":"GHSA-qpjv-v59x-3qc4","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:40:39Z/"}],"url":"https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85143?format=json","purl":"pkg:npm/next@14.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38m6-9vq5-a7a7"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-471k-npa7-wqhx"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-cqhe-wty9-5qec"},{"vulnerability":"VCID-dd36-8ju8-gqej"},{"vulnerability":"VCID-dwdu-j3tf-tyav"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@14.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/85144?format=json","purl":"pkg:npm/next@15.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2q2t-61xt-u3ax"},{"vulnerability":"VCID-3ruh-95mg-wybh"},{"vulnerability":"VCID-3rx6-y94b-27ep"},{"vulnerability":"VCID-471k-npa7-wqhx"},{"vulnerability":"VCID-5c7e-4dkw-63fg"},{"vulnerability":"VCID-6um9-q6h7-v3ad"},{"vulnerability":"VCID-753e-dm2r-sybh"},{"vulnerability":"VCID-cqhe-wty9-5qec"},{"vulnerability":"VCID-dd36-8ju8-gqej"},{"vulnerability":"VCID-dwdu-j3tf-tyav"},{"vulnerability":"VCID-ffry-2c7p-vyhp"},{"vulnerability":"VCID-k1q6-b8t3-hqb6"},{"vulnerability":"VCID-kxdb-aa4z-qqbu"},{"vulnerability":"VCID-vqxd-ebjg-c3cw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@15.1.6"}],"aliases":["CVE-2025-32421","GHSA-qpjv-v59x-3qc4"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkfv-k941-7uh9"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/next@9.5.4-canary.25"}