Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the createMap, createSet, and extractIterator functions in packages/react-server/src/ReactFlightReplyServer.js. An attacker can crash the server by...

Deserialization of Untrusted Data

Overview next is a react framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of payloads from HTTP requests to Server Function endpoints. An attacker can cause the server process to enter an infinite loop and hang,...

Exploit for CVE-2025-55182

CVE-2025-55182 React2Shell Detection Tool Detection tools for...

GHSA-WR66-VRWM-5G5X Denial of Service Vulnerability in next.js

Impact Vulnerable code could allow a bad actor to trigger a denial of service attack for anyone running a Next.js app at version = 12.0.0, and using i18n functionality. - Affected: All of the following must be true to be affected by this CVE - Next.js versions above v12.0.0 - Using next start or ...

@nteract/commuter (=5.6.9), @nteract/play (=1.6.8) +4 more potentially affected by CVE-2018-18282 via next (>=7.0.0 <=7.0.1)

next NPM version =7.0.0, =7.0.0, =0.30.0, =2.0.0, =0.1.1, =0.1.4 Source cves: CVE-2018-18282 Source advisory: OSV:GHSA-QW96-MM2G-C8M7...

CVE-1999-1391

Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions...