+

Security

SECURITY.md

Reporting Security Issues

If you believe you have found a security vulnerability, we encourage you to let us know right away.

We will investigate all legitimate reports and do our best to quickly fix the problem.

Please report any vulnerabilities in our open source repositories to responsible.disclosure@vercel.com.

Improper Middleware Redirect Handling Leads to SSRF
GHSA-4342-x723-ch2f published Aug 29, 2025 by aaronbrown-vercel

Moderate
Content Injection for Image Optimization
GHSA-xv57-4mr9-wg8v published Aug 29, 2025 by aaronbrown-vercel

Moderate
Cache Key Confusion for Image Optimization API Routes
GHSA-g5qg-72qw-gw5v published Aug 29, 2025 by aaronbrown-vercel

Moderate
Cache poisoning due to omission of Vary header
GHSA-r2fc-ccr8-96c4 published Jul 3, 2025 by ztanner

Low
DoS via cache poisoning
GHSA-67rr-84xm-4c7r published Jul 3, 2025 by ztanner

High
x-middleware-subrequest-id may be leaked to external hosts
GHSA-223j-4rm8-mrmf published Apr 2, 2025 by aaronbrown-vercel

Low
Race condition to Cache Poisoning
GHSA-qpjv-v59x-3qc4 published May 14, 2025 by aaronbrown-vercel

Low
Authorization Bypass in Next.js Middleware
GHSA-f82v-jwr5-mffw published Mar 21, 2025 by Unknown

Critical
Information exposure in Next.js dev server due to lack of origin verification
GHSA-3h52-269p-cp9r published May 28, 2025 by aaronbrown-vercel

Low
Denial of Service (DoS) with Server Actions
GHSA-7m27-7ghc-44w9 published Jan 3, 2025 by ztanner

Moderate

Learn more about advisories related to vercel/next.js in the GitHub Advisory Database

点击这是indexloc提供的php浏览器服务，不要输入任何密码和下载