FLAT-DK2VC (MAL-2026-5265)
Use of software with malware In node-env-resolver-nextjs
5.2
Medium
Ecosystem: Npm
Package: node-env-resolver-nextjs
FLAT-T8NKP (MAL-2026-5076)
Use of software with malware In private-next-instrumentation-client
5.2
Medium
Ecosystem: Npm
Package: private-next-instrumentation-client
FLAT-Z0SPU (MAL-2026-4483)
Use of software with malware In arnext-arkb
5.2
Medium
Ecosystem: Npm
Package: arnext-arkb
FLAT-3P9MC (MAL-2026-4538)
Use of software with malware In create-arnext-app
5.2
Medium
Ecosystem: Npm
Package: create-arnext-app
FLAT-7YEXW (MAL-2026-4482)
Use of software with malware In arnext
5.2
Medium
Ecosystem: Npm
Package: arnext
FLAT-L7MP9 (MAL-2026-4193)
Use of software with malware In private-next-pages
5.2
Medium
Ecosystem: Npm
Package: private-next-pages
FLAT-ZHR1A (MAL-2026-3749)
Use of software with malware In @webapp-next/store
5.2
Medium
Ecosystem: Npm
Package: @webapp-next/store
FLAT-4SJZ5 (MAL-2026-3589)
Use of software with malware In nextmove-mcp
5.2
Medium
Ecosystem: Npm
Package: nextmove-mcp
FLAT-2ICAV (CVE-2026-44580)
Reflected cross-site scripting (XSS) In next
0.6
Low
Ecosystem: Npm
Package: next
FLAT-Q1N4Z (GHSA-8h8q-6873-q5fj)
Asymmetric denial of service In next
7.7
High
Ecosystem: Npm
Package: next
FLAT-ATUQP (CVE-2025-63706)
Server side template injection In @jswork/next-npm-version
9.1
Critical
Ecosystem: Npm
Package: @jswork/next-npm-version
FLAT-Q6D66 (GHSA-4c35-wcg5-mm9h)
Prototype Pollution In next-intl
3.7
Low
Ecosystem: Npm
Package: next-intl
FLAT-TIO8E (MAL-2026-3281)
Use of software with malware In pos-next-react-native
5.2
Medium
Ecosystem: Npm
Package: pos-next-react-native
FLAT-Y02RY (MAL-2026-3241)
Use of software with malware In nextjs-chat-with-ai-service
5.2
Medium
Ecosystem: Npm
Package: nextjs-chat-with-ai-service
FLAT-L7QTP (CVE-2026-42353)
Lack of data validation - Path Traversal In i18next-http-middleware
6.9
Medium
Ecosystem: Npm
Package: i18next-http-middleware
FLAT-U77NF (MAL-2026-3025)
Use of software with malware In next-rwa
5.2
Medium
Ecosystem: Npm
Package: next-rwa
FLAT-N6VY3 (CVE-2026-41885)
Lack of data validation - Path Traversal In i18next-locize-backend
1.7
Low
Ecosystem: Npm
Package: i18next-locize-backend
FLAT-26EWR (CVE-2026-41683)
Reflected cross-site scripting (XSS) In i18next-http-middleware
6.9
Medium
Ecosystem: Npm
Package: i18next-http-middleware
FLAT-AF2ZE (CVE-2026-41693)
Lack of data validation - Path Traversal In i18next-fs-backend
8.3
High
Ecosystem: Npm
Package: i18next-fs-backend
FLAT-1RSA6 (CVE-2026-41692)
Lack of data validation - Modify DOM Elements In i18nextify
2.7
Low
Ecosystem: Npm
Package: i18nextify
FLAT-2MJWS (CVE-2026-41691)
Lack of data validation - Path Traversal In i18next-http-backend
6.6
Medium
Ecosystem: Npm
Package: i18next-http-backend
FLAT-ZAHN0 (CVE-2026-41690)
Prototype Pollution In i18next-http-middleware
8.1
High
Ecosystem: Npm
Package: i18next-http-middleware
FLAT-3UM89 (CVE-2026-40155)
Authentication mechanism absence or evasion In @auth0/nextjs-auth0
4.0
Medium
Ecosystem: Npm
Package: @auth0/nextjs-auth0
FLAT-U0TDO (MAL-2026-2861)
Use of software with malware In vinext-monorepo
5.2
Medium
Ecosystem: Npm
Package: vinext-monorepo
FLAT-67HLW (MAL-2026-2855)
Use of software with malware In react-resource-router-next
5.2
Medium
Ecosystem: Npm
Package: react-resource-router-next
FLAT-O7REK (CVE-2026-41248)
Authentication mechanism absence or evasion In @clerk/nextjs
4.8
Medium
Ecosystem: Npm
Package: @clerk/nextjs
FLAT-8B6CW (MAL-2026-2768)
Use of software with malware In h3-next
5.2
Medium
Ecosystem: Npm
Package: h3-next
FLAT-7MO1J (MAL-2026-2587)
Use of software with malware In @kucoin-gbiz-next/tools
5.2
Medium
Ecosystem: Npm
Package: @kucoin-gbiz-next/tools
FLAT-RW07F (CVE-2026-40299)
Uncontrolled external site redirect In next-intl
2.7
Low
Ecosystem: Npm
Package: next-intl
FLAT-E5OKS (GHSA-q4gf-8mx6-v5v3)
Asymmetric denial of service In next
7.7
High
Ecosystem: Npm
Package: next
FLAT-JQNVE (CVE-2021-32707)
Business information leak In nextcloud-app-mail
2.7
Low
Ecosystem: Alpm
Package: nextcloud-app-mail
FLAT-7O0RJ (CVE-2021-39220)
Business information leak In nextcloud-app-mail
2.7
Low
Ecosystem: Alpm
Package: nextcloud-app-mail
FLAT-XXWWL (CVE-2020-36193)
Lack of data validation - Path Traversal In nextcloud
6.6
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-YEGDH (CVE-2021-22879)
Lack of data validation In nextcloud-client
6.3
Medium
Ecosystem: Alpm
Package: nextcloud-client
FLAT-G5EVJ (CVE-2021-22895)
Insecure digital certificates In nextcloud-client
6.3
Medium
Ecosystem: Alpm
Package: nextcloud-client
FLAT-C0Q1R (CVE-2021-37631)
Business information leak In nextcloud-app-deck
2.7
Low
Ecosystem: Alpm
Package: nextcloud-app-deck
FLAT-7PW9T (CVE-2021-32610)
Insecure session management In nextcloud
5.8
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-6BO0V (CVE-2021-22915)
Asymmetric denial of service - ReDoS In nextcloud
4.4
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-8HHED (CVE-2021-32653)
Asymmetric denial of service - ReDoS In nextcloud
4.4
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-UY3W5 (CVE-2021-32654)
Security controls bypass or absence In nextcloud
4.5
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-30CES (CVE-2021-32655)
Asymmetric denial of service - ReDoS In nextcloud
4.4
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-RNMFS (CVE-2021-32656)
Asymmetric denial of service - ReDoS In nextcloud
2.7
Low
Ecosystem: Alpm
Package: nextcloud
FLAT-BGSUA (CVE-2021-32657)
Asymmetric denial of service - ReDoS In nextcloud
2.7
Low
Ecosystem: Alpm
Package: nextcloud
FLAT-W6CC6 (CVE-2021-32678)
Asymmetric denial of service - ReDoS In nextcloud
4.4
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-OLR6N (CVE-2021-32679)
Lack of multi-factor authentication In nextcloud
5.8
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-IE6OQ (CVE-2021-32680)
Asymmetric denial of service - ReDoS In nextcloud
2.7
Low
Ecosystem: Alpm
Package: nextcloud
FLAT-8F5F8 (CVE-2021-32688)
Asymmetric denial of service - ReDoS In nextcloud
2.7
Low
Ecosystem: Alpm
Package: nextcloud
FLAT-2GBAD (CVE-2021-32703)
Security controls bypass or absence In nextcloud
4.5
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-G7UH9 (CVE-2021-32705)
Asymmetric denial of service - ReDoS In nextcloud
4.4
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-9AK55 (CVE-2021-32725)
Asymmetric denial of service - ReDoS In nextcloud
4.5
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-LWGT9 (CVE-2021-32726)
Asymmetric denial of service - ReDoS In nextcloud
4.4
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-4FWCX (CVE-2021-32733)
Asymmetric denial of service - ReDoS In nextcloud
2.7
Low
Ecosystem: Alpm
Package: nextcloud
FLAT-TERU0 (CVE-2021-32734)
Asymmetric denial of service - ReDoS In nextcloud
4.4
Medium
Ecosystem: Alpm
Package: nextcloud
FLAT-ORQQU (CVE-2021-32741)
Security controls bypass or absence In nextcloud
2.7
Low
Ecosystem: Alpm
Package: nextcloud
FLAT-ILLP6 (CVE-2026-35394)
Server-side request forgery (SSRF) In @mobilenext/mobile-mcp
8.4
High
Ecosystem: Npm
Package: @mobilenext/mobile-mcp
FLAT-D10UW (CVE-2026-34748)
Server side cross-site scripting In @payloadcms/next
5.7
Medium
Ecosystem: Npm
Package: @payloadcms/next
FLAT-XZ3DE (CVE-2026-33989)
Lack of data validation - Path Traversal In @mobilenext/mobile-mcp
5.7
Medium
Ecosystem: Npm
Package: @mobilenext/mobile-mcp
FLAT-TZC4Z (MAL-2026-1797)
Use of software with malware In nextiva-dot-com
5.2
Medium
Ecosystem: Npm
Package: nextiva-dot-com
FLAT-9V20A (CVE-2026-27980)
Improper resource allocation In next
2.7
Low
Ecosystem: Npm
Package: next
FLAT-NRGPN (CVE-2026-3125)
Server-side request forgery (SSRF) In @opennextjs/cloudflare
4.4
Medium
Ecosystem: Npm
Package: @opennextjs/cloudflare
FLAT-3CXT9 (CVE-2026-28474)
Spoofing In @openclaw/nextcloud-talk
8.0
High
Ecosystem: Npm
Package: @openclaw/nextcloud-talk
FLAT-7C1XF (CVE-2026-0969)
Server side template injection In next-mdx-remote
8.4
High
Ecosystem: Npm
Package: next-mdx-remote
FLAT-5M5LI (MAL-2026-760)
Use of software with malware In @helloflex/widget-next-sdk
5.2
Medium
Ecosystem: Npm
Package: @helloflex/widget-next-sdk
FLAT-S2CQP (JS-I18NEXT-1065979)
Prototype Pollution In i18next
0.6
Low
Ecosystem: Npm
Package: i18next
FLAT-HUKNV (GHSA-h25m-26qc-wcjf)
Asymmetric denial of service - ReDoS In next
7.7
High
Ecosystem: Npm
Package: next
FLAT-44K36 (CVE-2025-59472)
Asymmetric denial of service In next
6.3
Medium
Ecosystem: Npm
Package: next
FLAT-GNUQG (CVE-2025-59471)
Asymmetric denial of service In next
6.3
Medium
Ecosystem: Npm
Package: next
FLAT-YGHQW (GHSA-5j59-xgg2-r9c4)
Asymmetric denial of service - ReDoS In next
6.3
Medium
Ecosystem: Npm
Package: next
FLAT-3NFYO (GHSA-w37m-7fhw-fmv9)
Insecure deserialization In next
2.7
Low
Ecosystem: Npm
Package: next
FLAT-3RBIL (GHSA-mwv6-3258-q52c)
Asymmetric denial of service - ReDoS In next
7.7
High
Ecosystem: Npm
Package: next
FLAT-QP77U (CVE-2025-67716)
Lack of data validation In @auth0/nextjs-auth0
1.2
Low
Ecosystem: Npm
Package: @auth0/nextjs-auth0
FLAT-PBHTX (CVE-2025-67490)
Authentication mechanism absence or evasion In @auth0/nextjs-auth0
3.8
Low
Ecosystem: Npm
Package: @auth0/nextjs-auth0
FLAT-VOJE4 (CVE-2025-66549)
Sensitive information stored in logs In nextcloud-desktop
1.0
Low
Ecosystem: Debian
Package: nextcloud-desktop
FLAT-EPB6U (GHSA-9qr9-h5gf-34mp)
Insecure deserialization In next
8.4
High
Ecosystem: Npm
Package: next
FLAT-CXHE5 (CVE-2025-13984)
Lack of data validation In drupal/next
2.7
Low
Ecosystem: Packagist
Package: drupal/next
FLAT-IMGFJ (CVE-2025-66478)
Insecure deserialization In next
9.1
Critical
Ecosystem: Npm
Package: next
FLAT-G6TEX (MAL-2025-190981)
Use of software with malware In next-styled-nprogress
5.2
Medium
Ecosystem: Npm
Package: next-styled-nprogress
FLAT-MHSLI (MAL-2025-190980)
Use of software with malware In next-simple-google-analytics
5.2
Medium
Ecosystem: Npm
Package: next-simple-google-analytics
FLAT-5S48F (MAL-2025-190979)
Use of software with malware In next-circular-dependency
5.2
Medium
Ecosystem: Npm
Package: next-circular-dependency
FLAT-57C4M (CVE-2025-65944)
Sensitive information sent insecurely In @sentry/nextjs
1.2
Low
Ecosystem: Npm
Package: @sentry/nextjs
FLAT-7CHSE (MAL-2025-190886)
Use of software with malware In @posthog/nextjs
5.2
Medium
Ecosystem: Npm
Package: @posthog/nextjs
FLAT-NEAD9 (MAL-2025-190887)
Use of software with malware In @posthog/nextjs-config
5.2
Medium
Ecosystem: Npm
Package: @posthog/nextjs-config
FLAT-CEBHR (MAL-2025-190741)
Use of software with malware In @ensdomains/vite-plugin-i18next-loader
5.2
Medium
Ecosystem: Npm
Package: @ensdomains/vite-plugin-i18next-loader
FLAT-B0PF7 (MAL-2025-190755)
Use of software with malware In @seung-ju/next
5.2
Medium
Ecosystem: Npm
Package: @seung-ju/next
FLAT-HRM2N (CVE-2025-64762)
Cached form fields In @workos-inc/authkit-nextjs
8.0
High
Ecosystem: Npm
Package: @workos-inc/authkit-nextjs
FLAT-P6B78 (MAL-2025-190574)
Use of software with malware In kc-next
5.2
Medium
Ecosystem: Npm
Package: kc-next
FLAT-94CD3 (MAL-2025-190573)
Use of software with malware In gbiz-next
5.2
Medium
Ecosystem: Npm
Package: gbiz-next
FLAT-CTZO0 (MAL-2025-190082)
Use of software with malware In upgrade-async-forever-nextjs
5.2
Medium
Ecosystem: Npm
Package: upgrade-async-forever-nextjs
FLAT-0GEKJ (MAL-2025-190231)
Use of software with malware In wasat-cosmochemistry-nucleosynthesis-nextjs
5.2
Medium
Ecosystem: Npm
Package: wasat-cosmochemistry-nucleosynthesis-nextjs
FLAT-1JFM3 (MAL-2025-188265)
Use of software with malware In nextjs-octans-interferometry-fusion
5.2
Medium
Ecosystem: Npm
Package: nextjs-octans-interferometry-fusion
FLAT-SPAHM (MAL-2025-188262)
Use of software with malware In nextjs-event-chromedriver-pm2
5.2
Medium
Ecosystem: Npm
Package: nextjs-event-chromedriver-pm2
FLAT-TNDB6 (MAL-2025-186701)
Use of software with malware In electron-builder-pipe-markdownlint-nextjs
5.2
Medium
Ecosystem: Npm
Package: electron-builder-pipe-markdownlint-nextjs
FLAT-EDCS6 (MAL-2025-187066)
Use of software with malware In fusion-nextjs-iota-materialize
5.2
Medium
Ecosystem: Npm
Package: fusion-nextjs-iota-materialize
FLAT-45Z8E (MAL-2025-189932)
Use of software with malware In thuban-charon-uninstall-nextjs
5.2
Medium
Ecosystem: Npm
Package: thuban-charon-uninstall-nextjs
FLAT-P9UKC (MAL-2025-188268)
Use of software with malware In nextjs-sagitta-backend-nightwatch
5.2
Medium
Ecosystem: Npm
Package: nextjs-sagitta-backend-nightwatch
FLAT-05BIU (MAL-2025-187015)
Use of software with malware In forever-webpack-whitedwarf-nextjs
5.2
Medium
Ecosystem: Npm
Package: forever-webpack-whitedwarf-nextjs
FLAT-AYAJY (MAL-2025-186407)
Use of software with malware In csrf-callisto-hapi-nextjs
5.2
Medium
Ecosystem: Npm
Package: csrf-callisto-hapi-nextjs
FLAT-M153H (MAL-2025-188263)
Use of software with malware In nextjs-google-transport-markdownlint
5.2
Medium
Ecosystem: Npm
Package: nextjs-google-transport-markdownlint
FLAT-E6760 (MAL-2025-188270)
Use of software with malware In nextjs-stratigraphy-stratigraphy-oauth
5.2
Medium
Ecosystem: Npm
Package: nextjs-stratigraphy-stratigraphy-oauth
FLAT-A8L8H (MAL-2025-187461)
Use of software with malware In indus-triton-polaris-nextjs
5.2
Medium
Ecosystem: Npm
Package: indus-triton-polaris-nextjs