next has 5 known vulnerabilities on the latest version (16.2.4). DepScope rates its health at 85/100 (low risk).

What is the latest version of next?

The latest version of next is 16.2.4, released 2026-04-15.

Does next have known vulnerabilities?

Yes. next has 5 known vulnerabilities. See depscope.dev/pkg/npm/next for details.

No, next is actively maintained. Latest release: 16.2.4 (2026-04-15).

What are alternatives to next?

Popular alternatives to next in npm include: ?., ansi-styles, brace-expansion, strip-ansi, lru-cache.

next — Health Score 85/100

npmv16.2.4

The React Framework

License MITpermissive3746 versions3 maintainers6 deps36,660,402 weekly dl

vercel/next.js

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 16.1.0-canary.17 to fix known vulnerabilities

2 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

20/20

popularity

11/25

security

15/15

maturity

14/15

community

Vulnerabilities

2 high2 medium1 low

Advisories (5)

Severity	ID	Summary	Fixed in
medium	CVE-2025-59472	Next.js has Unbounded Memory Consumption via PPR Resume Endpoint	15.6.0-canary.61
high	GHSA-5j59-xgg2-r9c4	Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up	16.1.0-canary.19
low	CVE-2023-46298	Next.js missing cache-control header may lead to CDN caching empty reply	13.4.20-canary.13
high	GHSA-mwv6-3258-q52c	Next Vulnerable to Denial of Service with Server Components	16.1.0-canary.17
medium	GHSA-w37m-7fhw-fmv9	Next Server Actions Source Code Exposure	16.1.0-canary.17

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Quality signals

OSS Criticality

0.80critical

Download trend

stable(0%)

Publish security

npm attested

Health History

Dependency Tree

License Audit

Dependencies (6)

postcss @next/env styled-jsx @swc/helpers caniuse-lite baseline-browser-mapping

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/next