EN / KO

Framework Security Advisories

Curated CVE and migration guides for npm packages. Use the version diagnosis to instantly check whether your project is affected.

Severity

Package

Status

Sort:

HIGH CVSS 7.5

Next.js May 2026 Coordinated Security Release (13 advisories)

next-2026-05-release

Package:: next
Published:: May 6, 2026
Status:: Active

View advisory →

HIGH CVSS 7.5

Next.js App Router Middleware Bypass (CVE-2026-44575)

CVE-2026-44575 · GHSA-267c-6grr-h53f

Package:: next
Published:: May 6, 2026
Status:: Active

View advisory →

HIGH CVSS 7.5

React Server Components Denial of Service (CVE-2026-23870)

CVE-2026-23870 · GHSA-rv78-f8rc-xrxh

Package:: react-server-dom-webpack
Published:: May 6, 2026
Status:: Active

View advisory →

HIGH CVSS 7.5

React Server Components Multiple DoS (CVE-2026-23864)

CVE-2026-23864 · GHSA-83fc-fqcc-2hmg

Package:: react-server-dom-webpack
Published:: Jan 26, 2026
Status:: Active

View advisory →

CRITICAL CVSS 10

Next.js React Server Components RCE (CVE-2025-55182)

CVE-2025-55182 · GHSA-9qr9-h5gf-34mp

Package:: next
Published:: Dec 3, 2025
Status:: Active

View advisory →

CRITICAL CVSS 9.1

Next.js Middleware Authorization Bypass (CVE-2025-29927)

CVE-2025-29927 · GHSA-f82v-jwr5-mffw

Package:: next
Published:: Mar 21, 2025
Status:: Active

View advisory →