Vulnerabilities in Vercel
54 results

CVE-2026-44576 | MEDIUM | Next.js: Cache poisoning in React Server Component responses | EPSS 0.3%
CVE-2025-48985 | LOW | A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to byp | EPSS 0.2%
CVE-2024-24828 | MEDIUM | Local Privilege Escalation in executables bundled by pkg | EPSS 0.2%
CVE-2026-44581 | MEDIUM | Next.js: Cross-site scripting in App Router applications using CSP nonces | EPSS 0.2%
CVE-2026-44580 | MEDIUM | Next.js: Cross-site scripting in beforeInteractive scripts with untrusted input | EPSS 0.2%
CVE-2025-52662 | MEDIUM | A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under | EPSS 0.2%
CVE-2026-44582 | LOW | Next.js: Cache poisoning via collisions in React Server Component cache-busting | EPSS 0.2%
CVE-2026-27978 | MEDIUM | Next.js: null origin can bypass Server Actions CSRF checks | EPSS 0.2%
CVE-2026-44572 | LOW | Next.js: Middleware / Proxy redirects can be cache-poisoned | EPSS 0.2%
CVE-2026-27977 | LOW | Next.js: null origin can bypass dev HMR websocket CSRF checks | EPSS 0.2%
CVE-2025-48068 | LOW | Information exposure in Next.js dev server due to lack of origin verification | EPSS 0.2%
CVE-2026-44479 | MEDIUM | Vercel: Non-interactive mode includes CLI arguments in suggested command output | EPSS 0.2%
CVE-2026-46508 | HIGH | Turborepo: VSCode Extension command injection | EPSS 0.2%
CVE-2026-45773 | MEDIUM | Turborepo: Login callback CSRF/session fixation | EPSS 0.1%