nextjs-security
Safeguard articles tagged "nextjs-security" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Next.js Security Best Practices: Middleware, Server Components, and Secrets
CVE-2025-29927 let attackers skip Next.js middleware with a single header. Here is where App Router security actually breaks and how to lock it down.
Securing Next.js applications and middleware
CVE-2025-29927 let attackers bypass Next.js middleware auth with one header. Here's how that and three other real CVEs expose middleware, Server Actions, and caching.
React Server Components RCE vulnerability advisory
CVE-2025-29927 lets attackers bypass Next.js middleware auth with a forged header — a chain that can escalate to full RCE on React Server Components apps.
JavaScript frameworks security report
Safeguard's H1 2026 audit finds 61% of JS repos ship a high-severity framework CVE, with a 47-day median patch lag attackers routinely beat.