Aigent.ly

Threat Intelligence

Live CVE feed

136 threats tracked across 6 launch stacks — sourced from NVD, GHSA, CISA KEV, and OSV.

Stack exposure — click to filter✕ Clear stack filter
Next.js
3crit/37high
Express / Node.js
6crit/15high
FastAPI / Python
2crit/8high
NestJS
0crit/12high
Nuxt
2crit/15high
React SPA
0crit/20high
AllCritical + HighCriticalHighMediumLow
3threats · Next.js · Critical
Get guardrails →
CriticalCVE-2025-55182
2 rules

React Server Components are Vulnerable to RCE

Impact There is an unauthenticated remote code execution vulnerability in React Server Components. We recommend upgrading immediately. The vulnerability is present in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of: react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack Patches A fix was introduced in versions 19.0.1, 19.1.2, and 19.2.1. If you are using any of the above packages please upgrade to any of the fixed versions immediately. If your app’s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability. References See the blog post for more information and upgrade instructions.

OWASP A08OWASP WEB
Get guardrail →
CriticalGHSA-9qr9-h5gf-34mp
2 rules

Next.js is vulnerable to RCE in React flight protocol

A vulnerability affects certain React packages<sup>1</sup> for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182. Fixed in: React: 19.0.1, 19.1.2, 19.2.1 Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7, 15.6.0-canary.58, 16.1.0-canary.12+ The vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76. All users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately. <sup>1</sup> The affected React packages are: react-server-dom-parcel react-server-dom-turbopack react-server-dom-webpack

OWASP A08OWASP WEB
Get guardrail →
CriticalCVE-2025-29927
2 rules

Authorization Bypass in Next.js Middleware

Impact It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. Patches For Next.js 15.x, this issue is fixed in 15.2.3 For Next.js 14.x, this issue is fixed in 14.2.25 For Next.js 13.x, this issue is fixed in 13.5.9 For Next.js 12.x, this issue is fixed in 12.3.5 For Next.js 11.x, consult the below workaround. _Note: Next.js deployments hosted on Vercel are automatically protected against this vulnerability.

OWASP A01OWASP LLM06OWASP WEB
Get guardrail →

Showing 13 of 3 threats