{"ecosystem":"npm","package":"next","version":null,"bugs":[{"id":4,"ecosystem":"npm","package_name":"next","affected_version":"14.1.0","fixed_version":"14.1.1","bug_id":"github:#62600","title":"Server Action redirect bypasses middleware","description":"CVE-2024-34351 — a redirect inside a Server Action can bypass authentication middleware. Upgrade to 14.1.1 or later.","severity":"high","status":"closed","source":"github_issues","source_url":"https://github.com/vercel/next.js/issues/62600","labels":["security","server-actions"],"created_at":"2026-04-19 02:03:59.601677+00:00","updated_at":"2026-04-19 02:03:59.601677+00:00"},{"id":11,"ecosystem":"npm","package_name":"next","affected_version":"15.0.0","fixed_version":"15.0.1","bug_id":"github:#71755","title":"next/image with remotePatterns and query strings returns 404 on edge","description":"Images matched by remotePatterns that included query strings in the src returned 404 when deployed to the Edge runtime in 15.0.0. Fixed in 15.0.1.","severity":"medium","status":"closed","source":"github_issues","source_url":"https://github.com/vercel/next.js/issues/71755","labels":["bug","image","edge"],"created_at":"2026-04-19 03:24:37.014060+00:00","updated_at":"2026-04-19 03:25:24.799169+00:00"},{"id":12,"ecosystem":"npm","package_name":"next","affected_version":"15.1.0 - 15.1.2","fixed_version":"15.1.3","bug_id":"github:#74523","title":"Server Action with useActionState loses state on navigation","description":"Calling a Server Action via useActionState and then navigating with next/link reset the returned state. Fixed in 15.1.3.","severity":"low","status":"closed","source":"github_issues","source_url":"https://github.com/vercel/next.js/issues/74523","labels":["bug","server-actions"],"created_at":"2026-04-19 03:24:37.015606+00:00","updated_at":"2026-04-19 03:25:24.800559+00:00"}],"total":3,"_cache":"hit"}