vercel — Vulnerabilities & Security Advisories (35)

Browse all 35 CVE security advisories affecting vercel. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vercel operates as a cloud platform for frontend development, primarily hosting static sites and serverless functions. With thirty-five recorded Common Vulnerabilities and Exposures, the platform has historically faced issues ranging from Cross-Site Scripting (XSS) to Remote Code Execution (RCE). These vulnerabilities often stem from complex dependency chains or misconfigured serverless environments rather than fundamental architectural flaws. Notable incidents have included data exposure risks due to improper header configurations and potential privilege escalation through flawed API access controls. While the platform emphasizes rapid deployment, its reliance on third-party libraries and dynamic runtime environments introduces attack surfaces that require rigorous input validation and secure coding practices. Security audits frequently highlight the need for strict isolation between tenant environments to prevent cross-tenant data leakage, ensuring that the convenience of serverless architecture does not compromise overall system integrity.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-29057 | Next.js: HTTP request smuggling in rewrites | next.js | CWE-444 | 9.1 | - | 2026-03-18 |
| CVE-2026-27980 | Next.js: Unbounded next/image disk cache growth can exhaust storage | next.js | CWE-400 | 6.5 | - | 2026-03-18 |
| CVE-2026-27979 | Next.js: Unbounded postponed resume buffering can lead to DoS | next.js | CWE-770 | 5.4 | - | 2026-03-18 |
| CVE-2026-27978 | Next.js: null origin can bypass Server Actions CSRF checks | next.js | CWE-352 | 8.8 | - | 2026-03-17 |
| CVE-2026-27977 | Next.js: null origin can bypass dev HMR websocket CSRF checks | next.js | CWE-1385 | 7.1 | - | 2026-03-17 |
| CVE-2025-59471 | Next.js security vulnerability | next | | 5.9 | Medium | 2026-01-26 |
| CVE-2025-59472 | Next.js security vulnerability | next | | 5.9 | Medium | 2026-01-26 |
| CVE-2025-48985 | AI SDK security vulnerability | AI SDK | | 3.7 | Low | 2025-11-07 |
| CVE-2025-52662 | Nuxt DevTools security vulnerability | Nuxt Devtools | | 6.9 | Medium | 2025-11-07 |
| CVE-2025-57752 | Next.js Affected by Cache Key Confusion for Image Optimization API Routes | next.js | CWE-524 | 6.2 | Medium | 2025-08-29 |
| CVE-2025-55173 | Next.js Content Injection Vulnerability for Image Optimization | next.js | CWE-20 | 4.3 | Medium | 2025-08-29 |
| CVE-2025-57822 | Next.js Improper Middleware Redirect Handling Leads to SSRF | next.js | CWE-918 | 6.5 | Medium | 2025-08-29 |
| CVE-2025-7074 | vercel hyper rimraf-standalone.js ignoreMap redos | hyper | CWE-1333 | 4.3 | Medium | 2025-07-05 |
| CVE-2025-49826 | Next.js DoS vulnerability via cache poisoning | next.js | CWE-444 | 7.5 | High | 2025-07-03 |
| CVE-2025-49005 | Next.js cache poisoning due to omission of Vary header | next.js | CWE-444 | 3.7 | Low | 2025-07-03 |
| CVE-2025-48068 | Information exposure in Next.js dev server due to lack of origin verification | next.js | CWE-1385 | 2.5 (AI) | Low (AI) | 2025-05-30 |
| CVE-2025-32421 | Next.js Race Condition to Cache Poisoning | next.js | CWE-362 | 3.7 | Low | 2025-05-14 |
| CVE-2025-46332 | Information Disclosure via Flags override link | flags | CWE-200 | 6.5 | Medium | 2025-05-02 |
| CVE-2025-30218 | Next.js may leak x-middleware-subrequest-id to external hosts | next.js | CWE-200 | 7.5 (AI) | High (AI) | 2025-04-02 |
| CVE-2025-29927 | Authorization Bypass in Next.js Middleware | next.js | CWE-285 | 9.1 | Critical | 2025-03-21 |
| CVE-2024-56332 | Next.js Vulnerable to Denial of Service (DoS) with Server Actions | next.js | CWE-770 | 5.3 | Medium | 2025-01-03 |
| CVE-2024-51479 | Authorization bypass in Next.js | next.js | CWE-285 | 7.5 | High | 2024-12-17 |
| CVE-2024-47831 | Next.js image optimization has Denial of Service condition | next.js | CWE-674 | 5.9 | Medium | 2024-10-14 |
| CVE-2024-46982 | Cache Poisoning in next.js | next.js | CWE-639 | 7.5 | High | 2024-09-17 |
| CVE-2024-39693 | Next.js Denial of Service (DoS) condition | next.js | CWE-400 | 7.5 | High | 2024-07-10 |
| CVE-2024-34351 | Next.js Server-Side Request Forgery in Server Actions | next.js | CWE-918 | 7.5 | High | 2024-05-09 |
| CVE-2024-34350 | Next.js Vulnerable to HTTP Request Smuggling | next.js | CWE-444 | 7.5 | High | 2024-05-09 |
| CVE-2024-24828 | Local Privilege Escalation in executables bundled by pkg | pkg | CWE-276 | 6.6 | Medium | 2024-02-09 |
| CVE-2017-20162 | vercel ms index.js parse redos | ms | CWE-1333 | 4.3 | Medium | 2023-01-05 |
| CVE-2022-36046 | Unexpected server crash in Next.js version 12.2.3 | next.js | CWE-248 | 5.3 | Medium | 2022-08-31 |

This page lists every published CVE security advisory associated with vercel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.