Browse all 35 CVE security advisories affecting Vercel. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Vercel operates as a cloud platform for frontend development, primarily hosting static sites and serverless functions. With thirty-five recorded Common Vulnerabilities and Exposures, the platform has historically faced issues ranging from Cross-Site Scripting (XSS) to Remote Code Execution (RCE). These vulnerabilities often stem from complex dependency chains or misconfigured serverless environments rather than fundamental architectural flaws. Notable incidents have included data exposure risks due to improper header configurations and potential privilege escalation through flawed API access controls. While the platform emphasizes rapid deployment, its reliance on third-party libraries and dynamic runtime environments introduces attack surfaces that require rigorous input validation and secure coding practices. Security audits frequently highlight the need for strict isolation between tenant environments to prevent cross-tenant data leakage, ensuring that the convenience of serverless architecture does not compromise overall system integrity.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-23646 | Improper CSP in Image Optimization API for Next.js — next.jsCWE-451 | 5.9 | Medium | 2022-02-17 |
| CVE-2021-43803 | Unexpected server crash in Next.js — next.jsCWE-20 | 7.5 | High | 2021-12-09 |
| CVE-2021-39178 | XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0 — next.jsCWE-79 | 7.5 | High | 2021-08-30 |
| CVE-2021-37699 | Open Redirect in Next.js versions below 11.1.0 — next.jsCWE-601 | 6.9 | Medium | 2021-08-11 |
| CVE-2020-15242 | Open Redirect in Next.js — next.jsCWE-601 | 4.7 | Medium | 2020-10-08 |
This page lists every published CVE security advisory associated with Vercel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.