Package impact
npm / next
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44580 | medium | 6.1 | 6.1 | 15d ago | Next.js has cross-site scripting in beforeInteractive scripts with untrusted input | |
| CVE-2026-44577 | medium | 5.9 | 5.9 | 15d ago | Next.js has a Denial of Service in the Image Optimization API | |
| CVE-2026-44572 | medium | 5.9 | 5.9 | 15d ago | Next.js's Middleware / Proxy redirects can be cache-poisoned | |
| CVE-2026-44576 | medium | 5.4 | 5.4 | 15d ago | Next.js vulnerable to cache poisoning in React Server Component responses | |
| CVE-2026-44581 | medium | 4.7 | 4.7 | 15d ago | Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces | |
| CVE-2026-44582 | low | 3.7 | 3.7 | 15d ago | Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting |