Package impact
NPM / next
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44580 | medium | 6.1 | 6.1 | 16d ago | Next.js has cross-site scripting in beforeInteractive scripts with untrusted input | |||
| CVE-2026-44577 | medium | 5.9 | 5.9 | 16d ago | Next.js has a Denial of Service in the Image Optimization API | |||
| CVE-2026-44572 | medium | 5.9 | 5.9 | 16d ago | Next.js's Middleware / Proxy redirects can be cache-poisoned | |||
| CVE-2026-44576 | medium | 5.4 | 5.4 | 16d ago | Next.js vulnerable to cache poisoning in React Server Component responses | |||
| CVE-2026-44581 | medium | 4.7 | 4.7 | 16d ago | Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces | |||
| CVE-2026-44582 | low | 3.7 | 3.7 | 16d ago | Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting |