Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

JavaScript Library

Next.js

Next.js gives you the best developer experience with all the features you need for production: hybrid static amp server rendering TypeScript support smart bundling route pre-fetching and more.

Official Site:

https://nextjs.org/

Severity Summary:

Critical: 2 High: 26 Medium: 20 Low: 3
Reference
Title
Severity
CVE-2025-55182
Next.js Deserialization of Untrusted Data Vulnerability
Critical
CVE-2025-29927
Authorization Bypass in Next.js Middleware
Critical
CVE-2024-34351
Next.js Server-Side Request Forgery (SSRF) Vulnerability
High
CVE-2026-44574
Next.js Authentication Bypass Using an Alternate Path or Channel Vulnerability
High
CVE-2025-59471
Next.js Uncontrolled Resource Consumption Vulnerability
High
CVE-2025-67779
Next.js Deserialization of Untrusted Data Vulnerability
High
CVE-2026-27979
Next.js Allocation of Resources Without Limits or Throttling Vulnerability
High
CVE-2025-55184
Next.js Deserialization of Untrusted Data Vulnerability
High
CVE-2024-34350
Next.js Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
High
CVE-2024-39693
Next.js Uncontrolled Resource Consumption Vulnerability
High
CVE-2024-46982
Next.js Authorization Bypass Through User-Controlled Key Vulnerability
High
CVE-2024-51479
Next.js Incorrect Authorization Vulnerability
High
CVE-2026-45109
Next.js Authentication Bypass Using an Alternate Path or Channel Vulnerability
High
CVE-2026-44575
Next.js Authentication Bypass Using an Alternate Path or Channel Vulnerability
High
CVE-2026-27980
Next.js Uncontrolled Resource Consumption Vulnerability
High
CVE-2025-49826
Next.js Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
High
CVE-2026-44573
Next.js Incorrect Authorization Vulnerability
High
CVE-2025-57822
Next.js Server-Side Request Forgery (SSRF) Vulnerability
High
CVE-2018-6184
Next.js Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2017-16877
Next.js Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2026-44578
Next.js Server-Side Request Forgery (SSRF) Vulnerability
High
CVE-2022-23646
Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability
High
CVE-2021-43803
Next.js Vulnerability
High
CVE-2026-44579
Next.js Allocation of Resources Without Limits or Throttling Vulnerability
High
CVE-2025-59472
Next.js Uncontrolled Resource Consumption Vulnerability
High
CVE-2022-21721
Next.js Vulnerability
High
CVE-2023-46298
Next.js Vulnerability
High
CVE-2024-47831
Next.js Uncontrolled Recursion Vulnerability
High
CVE-2026-44580
Next.js Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-44581
Next.js Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium