https://isitpatched.com/nextjs Security alerts for Next.js: newly-exploited CVEs and end-of-life events from IsItPatched. en Compiled by IsItPatched (isitpatched.com) from NVD, CISA KEV, EPSS and endoflife.date. IsItPatched (https://isitpatched.com) https://www.rssboard.org/rss-specification 15 https://isitpatched.com/icon-192.png https://isitpatched.com/nextjs Tue, 16 Jun 2026 22:43:52 GMT https://isitpatched.com/cve/CVE-2026-44578 nextjs|CVE-2026-44578 Severity: High (CVSS 8.6) · Server-side request forgery (SSRF) · EPSS 3% High IsItPatched Wed, 13 May 2026 18:16:17 GMT https://isitpatched.com/cve/CVE-2026-44575 nextjs|CVE-2026-44575 Severity: High (CVSS 7.5) · CWE-288 · EPSS 1% High IsItPatched Wed, 13 May 2026 17:16:22 GMT https://isitpatched.com/cve/CVE-2025-67779 nextjs|CVE-2025-67779 Severity: High (CVSS 7.5) · Insecure deserialization · EPSS 19% High IsItPatched Fri, 12 Dec 2025 00:15:46 GMT https://isitpatched.com/cve/CVE-2025-55184 nextjs|CVE-2025-55184 Severity: High (CVSS 7.5) · Insecure deserialization · EPSS 66% High IsItPatched Thu, 11 Dec 2025 20:16:00 GMT https://isitpatched.com/cve/CVE-2025-55183 nextjs|CVE-2025-55183 Severity: Medium (CVSS 5.3) · EPSS 62% Medium IsItPatched Thu, 11 Dec 2025 20:16:00 GMT https://isitpatched.com/cve/CVE-2025-55182 nextjs|CVE-2025-55182 Severity: Critical (CVSS 10) · Insecure deserialization · Actively exploited (CISA KEV) · Ransomware-linked · EPSS 100% Exploited IsItPatched Wed, 03 Dec 2025 16:15:56 GMT https://isitpatched.com/cve/CVE-2025-57822 nextjs|CVE-2025-57822 Severity: Medium (CVSS 6.5) · Server-side request forgery (SSRF) · EPSS 2% Medium IsItPatched Fri, 29 Aug 2025 22:15:32 GMT https://isitpatched.com/cve/CVE-2025-49826 nextjs|CVE-2025-49826 Severity: High (CVSS 7.5) · CWE-444 · EPSS 1% High IsItPatched Thu, 03 Jul 2025 21:15:27 GMT https://isitpatched.com/cve/CVE-2025-29927 nextjs|CVE-2025-29927 Severity: Critical (CVSS 9.1) · CWE-285 · EPSS 93% Critical IsItPatched Fri, 21 Mar 2025 15:15:42 GMT https://isitpatched.com/cve/CVE-2024-51479 nextjs|CVE-2024-51479 Severity: High (CVSS 7.5) · CWE-285 · EPSS 4% High IsItPatched Tue, 17 Dec 2024 19:15:06 GMT https://isitpatched.com/cve/CVE-2024-46982 nextjs|CVE-2024-46982 Severity: High (CVSS 7.5) · Authorization bypass · EPSS 58% High IsItPatched Tue, 17 Sep 2024 22:15:02 GMT https://isitpatched.com/cve/CVE-2024-34351 nextjs|CVE-2024-34351 Severity: High (CVSS 7.5) · Server-side request forgery (SSRF) · EPSS 5% High IsItPatched Tue, 14 May 2024 15:38:42 GMT https://isitpatched.com/cve/CVE-2024-34350 nextjs|CVE-2024-34350 Severity: High (CVSS 7.5) · CWE-444 · EPSS 1% High IsItPatched Tue, 14 May 2024 15:38:41 GMT https://isitpatched.com/cve/CVE-2023-46298 nextjs|CVE-2023-46298 Severity: High (CVSS 7.5) · EPSS 1% High IsItPatched Sun, 22 Oct 2023 03:15:07 GMT https://isitpatched.com/cve/CVE-2022-36046 nextjs|CVE-2022-36046 Severity: Medium (CVSS 5.3) · CWE-248 · EPSS 1% Medium IsItPatched Wed, 31 Aug 2022 19:15:08 GMT https://isitpatched.com/cve/CVE-2022-23646 nextjs|CVE-2022-23646 Severity: Medium (CVSS 5.9) · CWE-451 · EPSS 2% Medium IsItPatched Thu, 17 Feb 2022 21:15:07 GMT https://isitpatched.com/cve/CVE-2022-21721 nextjs|CVE-2022-21721 Severity: Medium (CVSS 5.9) · EPSS 2% Medium IsItPatched Fri, 28 Jan 2022 22:15:16 GMT https://isitpatched.com/cve/CVE-2021-43803 nextjs|CVE-2021-43803 Severity: High (CVSS 7.5) · Improper input validation · EPSS 45% High IsItPatched Fri, 10 Dec 2021 00:15:11 GMT https://isitpatched.com/cve/CVE-2021-39178 nextjs|CVE-2021-39178 Severity: High (CVSS 7.5) · Cross-site scripting (XSS) · EPSS 1% High IsItPatched Tue, 31 Aug 2021 00:15:07 GMT https://isitpatched.com/cve/CVE-2021-37699 nextjs|CVE-2021-37699 Severity: Medium (CVSS 6.9) · CWE-601 · EPSS 1% Medium IsItPatched Thu, 12 Aug 2021 00:15:06 GMT