To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

All security vulnerabilities will be promptly verified and addressed.

Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the npm contact form by selecting "I'm reporting a security vulnerability".

While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Next and other dependencies by maintaining lock files (yarn.lock, package-lock.json and pnpm-lock.yaml) in order to ensure your application remains as secure as possible.