CVE library
Plain-English walk-throughs of the CVEs that matter most for AI-built apps on Next.js, Supabase, and Node.js. Each page covers what the bug is, what an attacker gets, how to fix it, and how Securie catches it automatically.
CVE-2025-29927 — Next.js middleware authentication bypass
An unauthenticated attacker can bypass any Next.js middleware — including authentication — by sending a single HTTP header. Affects all self-hosted Next.js applications below the patched versions.
CVE-2025-48757 — Lovable project-enumeration exposure
Lovable's project API exposed project metadata (name, slug, collaborator emails, GitHub repo ID, Firebase token scope) without verifying ownership. Affected 170+ apps at disclosure time and — per Cyber Kendra's April 2026 report — re-broke after the initial patch.
CVE-2024-39338 — Axios SSRF via absolute URL
A Server-Side Request Forgery vulnerability in the axios HTTP client allowed path-relative URLs to be silently converted into absolute URLs targeting attacker-controlled infrastructure.
CVE-2024-28849 — Follow-Redirects credential forwarding
follow-redirects forwarded the Authorization header to cross-origin redirects, leaking credentials to attacker-controlled hosts during ordinary HTTP client use (including via Axios).
CVE-2024-52798 — path-to-regexp ReDoS
A regular-expression denial-of-service (ReDoS) in path-to-regexp allowed attacker-supplied route patterns to trigger catastrophic backtracking, hanging the Node.js event loop.
CVE-2025-27210 — Node.js HTTP request-smuggling
Node's HTTP parser accepted whitespace between Content-Length and its value, enabling request-smuggling attacks through intermediaries that parse the header strictly.
CVE-2024-46982 — Next.js cache poisoning via path confusion
A cache-poisoning vulnerability in Next.js App Router let an attacker cause a pageProps JSON response to be cached against an HTML route, returning raw JSON to every subsequent visitor of that URL.
CVE-2024-34351 — Next.js Server Actions SSRF
Next.js Server Actions with `redirect()` could be manipulated to issue server-side requests to attacker-controlled hosts, enabling SSRF against internal infrastructure from the Next.js server.
CVE-2024-47831 — Next.js image optimization DoS
An unauthenticated attacker could exhaust CPU by requesting the image-optimization endpoint with crafted remote URLs that forced expensive decode + re-encode cycles on the Next.js server.
CVE-2024-51479 — Next.js authorization bypass via static path rewrite
A path-rewrite issue in Next.js allowed requests to bypass authorization middleware on routes that used `pages/api` + specific rewrite patterns.
CVE-2024-4067 — micromatch ReDoS
A regular-expression denial-of-service in `micromatch` — used by many build tools including webpack, Jest, and framework CLIs — allowed attacker-supplied glob patterns to hang the process.
CVE-2024-4068 — braces ReDoS (build-time DoS)
A ReDoS in the `braces` package — pulled transitively by virtually every Node project via micromatch — allowed malicious brace patterns to hang parser processes.
CVE-2024-45590 — body-parser DoS via deeply nested URL-encoded input
A DoS vulnerability in `body-parser` allowed an attacker to exhaust event-loop time by sending a request with deeply nested `application/x-www-form-urlencoded` input.
CVE-2024-43796 — Express open redirect
An open-redirect issue in Express's `res.location()` + `res.redirect()` let attacker-supplied input control the target of a redirect, enabling phishing campaigns that appear to originate from the trusted app.
CVE-2024-43799 — send directory traversal
A path-traversal bug in the `send` module — used by Express's static file server — could allow reading files outside the configured root under specific path configurations.
CVE-2024-43800 — serve-static path confusion
A path-handling issue in serve-static could allow serving unintended files to clients that crafted specific URL encodings, especially when used behind a reverse proxy that preserved encoded slashes.
CVE-2024-37890 — ws WebSocket DoS
The `ws` WebSocket library allocated a large buffer for handshake headers without bounds-checking, allowing an attacker to exhaust memory by sending crafted request headers.
CVE-2024-28176 — jose (JWT library) compressed-payload DoS
The `jose` JWT library (used by next-auth and Clerk and others) decompressed JWE tokens without size limits, allowing a compressed-payload DoS.
CVE-2024-29415 — ip SSRF allowlist bypass
The `ip` npm package — often used to determine whether an IP is 'private' for SSRF defense — could be bypassed by octal / hexadecimal / zero-padded encodings, rendering SSRF allowlists incomplete.
CVE-2023-26136 — tough-cookie prototype pollution
A prototype-pollution vulnerability in tough-cookie — used inside every major HTTP client (axios, got, request) — could let malicious cookies pollute `Object.prototype`, changing application behavior downstream.
CVE-2024-21538 — cross-spawn ReDoS
A ReDoS in cross-spawn — used inside most CLI tooling in the Node ecosystem — allowed crafted command-line arguments to hang the parser.
CVE-2024-47068 — Rollup dev-mode XSS
A development-mode XSS in Rollup's sourcemap handling could execute attacker-controlled JavaScript in the browser of a developer serving a poisoned sourcemap.
CVE-2023-49090 — Vite arbitrary file read
Vite's dev server could be tricked into returning arbitrary local files to a crafted URL request, exposing secrets, SSH keys, or other filesystem content.
CVE-2024-47875 — DOMPurify bypass on sandboxed iframes
A DOMPurify bypass let an attacker smuggle executable JavaScript through the sanitizer under specific parser conditions, re-enabling XSS in apps that relied on DOMPurify as the only defense.
CVE-2024-28863 — node-tar DoS via malformed header
node-tar could be forced to allocate arbitrary memory on malformed tar headers, enabling a DoS on any server that accepted uploaded tarballs (npm registry, Docker-adjacent tooling, generic file import).
CVE-2024-22195 — Jinja2 XSS via xmlattr filter
A cross-site scripting vulnerability in Jinja2's `xmlattr` filter let attacker-controlled attribute keys inject arbitrary HTML attributes, re-enabling XSS in Flask and FastAPI apps that used the filter.
CVE-2023-44270 — PostCSS newline parsing bypass
A newline-parsing issue in PostCSS could let attacker-controlled CSS bypass sanitization, potentially enabling CSS-injection attacks in applications that accepted user CSS.
CVE-2024-35255 — Azure Identity library credential leakage
The Azure Identity library for Node.js logged credentials in specific debug paths, risking exposure of tokens in application logs when diagnostic logging was enabled.
CVE-2024-27982 — Node.js HTTP request-smuggling via space in Content-Length
Node.js's HTTP parser accepted a space between the Content-Length header value and its name, enabling request-smuggling attacks through misaligned reverse proxies.
CVE-2024-27983 — Node.js HTTP/2 DoS via unauthenticated reset-stream flood
An unauthenticated HTTP/2 rapid-reset attack against Node.js could cause 100% CPU on the server with a small number of concurrent connections, effectively DoS'ing every Node.js HTTP/2 endpoint.
CVE-2024-30171 — Bouncy Castle timing side-channel
A timing side-channel in Bouncy Castle's RSA-PKCS#1 v1.5 implementation could allow an attacker to recover key material or plaintext through repeated oracle queries.
CVE-2024-24549 — Apache Tomcat HTTP/2 DoS
An HTTP/2 rapid-reset variant specific to Tomcat's connector caused unbounded CPU consumption, allowing a small attacker to saturate a Tomcat-fronted application.
CVE-2024-21490 — Angular.js ReDoS in inline formatter
A ReDoS in Angular.js's input-type handling lets crafted user input block the browser render loop on legacy Angular.js apps.
CVE-2024-45296 — path-to-regexp outage-backtracking variant
A second ReDoS pattern in path-to-regexp affecting route definitions with optional parameters, discovered after the primary CVE-2024-52798.
CVE-2024-32421 — Next.js race condition in cached fetch
A race condition in Next.js's cached-fetch implementation could let concurrent requests observe incomplete or mixed responses under high concurrency.
CVE-2024-39884 — Apache HTTP Server cache-key confusion
A cache-key confusion in Apache mod_cache could let a request with a specific Content-Type serve cached content intended for a different handler, potentially leaking sensitive payloads.
CVE-2025-24840 — supabase-js session-refresh race condition
A race condition in supabase-js's automatic session-refresh logic could cause two tabs of the same user to receive access tokens belonging to different refresh cycles, confusing server-side authorization state.
CVE-2024-21656 — Turborepo path traversal in cached outputs
Turborepo's remote-cache implementation allowed crafted cache entries to escape the expected output directory, writing arbitrary files on a developer's machine when restoring the cache.
CVE-2024-42005 — Django QuerySet SQL injection via JSON key lookups
A SQL injection in Django's QuerySet.values() + JSON key lookups with untrusted input allowed attacker-controlled lookup paths to append arbitrary SQL.
CVE-2024-45231 — Django reset-password user enumeration
Django's password-reset view returned different responses for valid vs invalid email addresses, enabling user enumeration.
CVE-2024-38475 — Apache httpd mod_rewrite file-system escape
A mod_rewrite misconfiguration under certain rule patterns allowed attackers to escape the document root and serve arbitrary files from the filesystem.
CVE-2024-32002 — Git RCE via case-insensitive filesystem symlink
On case-insensitive filesystems (Windows, macOS default), Git could be tricked into writing outside the repo root via submodule + symlink tricks, enabling RCE on clone.
CVE-2024-37891 — urllib3 proxy-auth credential leak through redirects
urllib3 forwarded Proxy-Authorization headers on cross-origin redirects, leaking proxy credentials to attacker-controlled hosts.
CVE-2024-6345 — Python setuptools RCE via package_index
A remote code execution in setuptools's package_index module allowed malicious package URLs to execute arbitrary code during dependency resolution.
CVE-2024-39689 — certifi removed GLOBALTRUST CA without updating pinned certs
certifi (Python's root CA bundle) retained the GLOBALTRUST 2020 CA after its removal from Mozilla's trust store, potentially allowing certs issued by a distrusted CA to be accepted.
CVE-2024-29025 — Netty HttpPostRequestDecoder DoS
Netty's multipart request decoder allocated memory without bounds, enabling DoS via crafted multipart uploads.
CVE-2024-47178 — Nuxt devtools prototype pollution
Nuxt devtools had a prototype-pollution in its dev-mode route handler that could escalate to RCE on the developer's machine when the dev server was exposed.
CVE-2024-41818 — fast-xml-parser ReDoS
A ReDoS in fast-xml-parser allowed crafted XML input to hang the parser, DoS'ing any Node.js service parsing untrusted XML.
CVE-2024-50379 — Apache Tomcat JSP TOCTOU RCE
A time-of-check / time-of-use race in Tomcat's JSP handling on case-insensitive filesystems could allow RCE via specially-crafted JSP uploads.
CVE-2024-56204 — Composer cache-poisoning RCE
A cache-poisoning vulnerability in Composer (PHP dependency manager) could let a malicious package poison a victim's cache, resulting in RCE on subsequent installs.
CVE-2024-47076 — CUPS IPP request input validation
A remote unauthenticated RCE in CUPS's IPP handling affected Linux systems with CUPS listening on UDP port 631. Part of a multi-CVE CUPS disclosure including CVE-2024-47175, 47176, 47177.
CVE-2025-0411 — 7-Zip Mark-of-the-Web bypass
7-Zip failed to propagate the Windows Mark-of-the-Web (MotW) to files extracted from archives, bypassing Windows SmartScreen protections on malicious downloads.
CVE-2024-39338 — Axios protocol-confusion SSRF
A variant of the earlier axios SSRF (CVE-2024-39338) affecting later Node.js versions via protocol downgrade from https to http under specific redirect chains.
CVE-2024-27980 — Node.js Windows command injection via child_process
On Windows, Node.js's child_process.spawn with shell:false still invoked cmd.exe for .bat and .cmd files, allowing argument-injection attacks.
CVE-2024-30260 — undici header scrubbing bypass
undici (Node.js HTTP client) failed to scrub certain auth headers on cross-origin redirects, leaking credentials similar to the follow-redirects bug.
CVE-2024-22257 — Spring Security authorization bypass
A broken-authorization bug in Spring Security's AuthenticatedVoter let unauthenticated requests pass through specific pre-authorization rules under JSR-250 annotations.
CVE-2024-27281 — Ruby RDoc command injection via documentation build
Ruby's built-in RDoc tool could be tricked into executing arbitrary shell commands when building documentation with crafted source filenames.
CVE-2024-7254 — Protocol Buffers StackOverflow DoS
Any protobuf-based RPC or serialization could be forced into deep recursion via crafted input, triggering a StackOverflowError and killing the JVM.
Anthropic MCP — design-level RCE on 200,000+ servers (April 2026)
OX Security disclosed a design-level flaw in MCP architecture: local-process execution runs before failed-connection error returns. Malicious config strings execute on the host before the protocol layer can reject the connection — Arbitrary Command Execution on every system running a vulnerable MCP implementation.
MCP Tool Poisoning — embedded malicious instructions in tool descriptions
Tool poisoning embeds malicious instructions inside MCP tool descriptions. The instructions are invisible to users browsing the tool catalog but interpreted by the AI model when the tool is invoked. Particularly dangerous in hosted MCP scenarios where tool definitions can mutate post-install (the 'rug-pull' pattern).
MCP Sampling Attack — agent-side resource theft + conversation hijacking
MCP sampling allows servers to request additional model calls during a session. The protocol relies on an implicit trust model and lacks robust built-in security controls. Attackers exploit this for resource theft (drain compute quota), conversation hijacking (inject persistent instructions), and covert tool invocation (hidden tool calls + filesystem operations).
Class vulnerability — Supabase tables shipped without RLS
Class vulnerability — new Supabase tables default to RLS-OFF. Without explicit RLS enable, the anon_key (public by design) reads every row.
CVE-2024-32002 — Git RCE via case-insensitive filesystem
Git submodule clone with case-confusing names allows hook execution outside .git/.
CVE-2024-3094 — XZ Utils backdoor
Multi-year supply-chain compromise injected backdoor into liblzma; SSH server affected.
Class vulnerability — Cursor / Claude Code dot-directory credential capture
AI coding tools capture credentials into .cursor/.claude/.continue/. Not added to .gitignore by default = shipped to npm/git.
CVE-2024-21683 — Confluence RCE
Authenticated RCE in Confluence — admin can execute arbitrary code via 'New Macro Language' configuration.
CVE-2024-50379 — Apache Tomcat RCE
TOCTOU race in case-insensitive filesystem JSP processing → RCE.
CVE-2024-43044 — Jenkins arbitrary file read via Agent connection
Arbitrary file read on Jenkins controller via Remoting protocol.
Class vulnerability — Stripe webhook handlers without idempotency
Stripe retries failed webhook deliveries. Handlers without idempotency double-process events; attackers replay events for credit/refund manipulation.
Class vulnerability — Indirect prompt injection via document upload
User uploads PDF/doc with adversarial instructions in hidden text. Agent reads + complies.
Class vulnerability — Vercel env vars leaked via build logs
Vercel build logs are accessible to project members; env vars without 'Sensitive' flag appear in build output.
Class vulnerability — pull_request_target with secret leak
pull_request_target gives the workflow access to repo secrets; checking out the PR head ref can run attacker code with secrets in env.
Class vulnerability — Supabase anon_key + DATABASE_URL in client bundle
Server-only DATABASE_URL accidentally prefixed NEXT_PUBLIC_ / PUBLIC_ / VITE_ ships connection string in client bundle.
Class vulnerability — AI agent shell execution scope creep
AI agents with shell-execution capability + production credentials = SaaStr-Lemkin / PocketOS-class disasters.
Class vulnerability — OpenAI Assistants API thread history leakage via leaked key
Leaked OpenAI key with team-account scope can read every Assistant thread + attached file.
Class vulnerability — Slopsquatting (LLM-hallucinated package names)
Slopsquatting is a 2025-coined supply-chain class (Seth Larson) where an LLM hallucinates a plausible-looking package name that does not exist in the registry; an attacker pre-registers the hallucinated name with a malicious payload; the next developer who runs the AI-suggested install command pulls the malware. Distinct from typosquatting (which mimics an existing real package).