Auto-update jsrepository

repository/jsrepository-master.json

@@ -8343,6 +8343,14 @@
           {
             "atOrAbove": "10.0.0",
             "below": "16.1.7"
+          },
+          {
+            "atOrAbove": "16.0.0-beta.0",
+            "below": "16.1.7"
+          },
+          {
+            "atOrAbove": "10.0.0",
+            "below": "15.5.14"
           }
         ],
         "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",

repository/jsrepository-v2.json

@@ -9274,6 +9274,26 @@
           "https://github.com/vercel/next.js/releases/tag/v16.1.7"
         ]
       },
+      {
+        "atOrAbove": "10.0.0",
+        "below": "15.5.14",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+          "githubID": "GHSA-3x4c-7xq6-9pq8",
+          "CVE": [
+            "CVE-2026-27980"
+          ]
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+          "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+          "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+        ]
+      },
       {
         "atOrAbove": "15.6.0-canary.0",
         "below": "15.6.0-canary.59",
@@ -9605,6 +9625,26 @@
           "https://github.com/vercel/next.js/releases/tag/v16.1.7"
         ]
       },
+      {
+        "atOrAbove": "16.0.0-beta.0",
+        "below": "16.1.7",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+          "githubID": "GHSA-3x4c-7xq6-9pq8",
+          "CVE": [
+            "CVE-2026-27980"
+          ]
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+          "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+          "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+        ]
+      },
       {
         "atOrAbove": "16.0.0-beta.0",
         "below": "16.1.7",

repository/jsrepository-v3.json

@@ -9436,6 +9436,26 @@
             "https://github.com/vercel/next.js/releases/tag/v16.1.7"
           ]
         },
+        {
+          "atOrAbove": "10.0.0",
+          "below": "15.5.14",
+          "severity": "medium",
+          "cwe": [
+            "CWE-400"
+          ],
+          "identifiers": {
+            "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+            "githubID": "GHSA-3x4c-7xq6-9pq8",
+            "CVE": [
+              "CVE-2026-27980"
+            ]
+          },
+          "info": [
+            "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+            "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+            "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+          ]
+        },
         {
           "atOrAbove": "15.6.0-canary.0",
           "below": "15.6.0-canary.59",
@@ -9767,6 +9787,26 @@
             "https://github.com/vercel/next.js/releases/tag/v16.1.7"
           ]
         },
+        {
+          "atOrAbove": "16.0.0-beta.0",
+          "below": "16.1.7",
+          "severity": "medium",
+          "cwe": [
+            "CWE-400"
+          ],
+          "identifiers": {
+            "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+            "githubID": "GHSA-3x4c-7xq6-9pq8",
+            "CVE": [
+              "CVE-2026-27980"
+            ]
+          },
+          "info": [
+            "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+            "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+            "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+          ]
+        },
         {
           "atOrAbove": "16.0.0-beta.0",
           "below": "16.1.7",

repository/jsrepository-v4.json

@@ -9435,6 +9435,26 @@
           "https://github.com/vercel/next.js/releases/tag/v16.1.7"
         ]
       },
+      {
+        "atOrAbove": "10.0.0",
+        "below": "15.5.14",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+          "githubID": "GHSA-3x4c-7xq6-9pq8",
+          "CVE": [
+            "CVE-2026-27980"
+          ]
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+          "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+          "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+        ]
+      },
       {
         "atOrAbove": "15.6.0-canary.0",
         "below": "15.6.0-canary.59",
@@ -9766,6 +9786,26 @@
           "https://github.com/vercel/next.js/releases/tag/v16.1.7"
         ]
       },
+      {
+        "atOrAbove": "16.0.0-beta.0",
+        "below": "16.1.7",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+          "githubID": "GHSA-3x4c-7xq6-9pq8",
+          "CVE": [
+            "CVE-2026-27980"
+          ]
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+          "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+          "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+        ]
+      },
       {
         "atOrAbove": "16.0.0-beta.0",
         "below": "16.1.7",

repository/jsrepository-v5-combined.json

@@ -9442,6 +9442,26 @@
             "https://github.com/vercel/next.js/releases/tag/v16.1.7"
           ]
         },
+        {
+          "atOrAbove": "10.0.0",
+          "below": "15.5.14",
+          "severity": "medium",
+          "cwe": [
+            "CWE-400"
+          ],
+          "identifiers": {
+            "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+            "githubID": "GHSA-3x4c-7xq6-9pq8",
+            "CVE": [
+              "CVE-2026-27980"
+            ]
+          },
+          "info": [
+            "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+            "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+            "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+          ]
+        },
         {
           "atOrAbove": "15.6.0-canary.0",
           "below": "15.6.0-canary.59",
@@ -9773,6 +9793,26 @@
             "https://github.com/vercel/next.js/releases/tag/v16.1.7"
           ]
         },
+        {
+          "atOrAbove": "16.0.0-beta.0",
+          "below": "16.1.7",
+          "severity": "medium",
+          "cwe": [
+            "CWE-400"
+          ],
+          "identifiers": {
+            "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+            "githubID": "GHSA-3x4c-7xq6-9pq8",
+            "CVE": [
+              "CVE-2026-27980"
+            ]
+          },
+          "info": [
+            "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+            "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+            "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+          ]
+        },
         {
           "atOrAbove": "16.0.0-beta.0",
           "below": "16.1.7",

repository/jsrepository-v5.json

@@ -9441,6 +9441,26 @@
           "https://github.com/vercel/next.js/releases/tag/v16.1.7"
         ]
       },
+      {
+        "atOrAbove": "10.0.0",
+        "below": "15.5.14",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+          "githubID": "GHSA-3x4c-7xq6-9pq8",
+          "CVE": [
+            "CVE-2026-27980"
+          ]
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+          "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+          "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+        ]
+      },
       {
         "atOrAbove": "15.6.0-canary.0",
         "below": "15.6.0-canary.59",
@@ -9772,6 +9792,26 @@
           "https://github.com/vercel/next.js/releases/tag/v16.1.7"
         ]
       },
+      {
+        "atOrAbove": "16.0.0-beta.0",
+        "below": "16.1.7",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+          "githubID": "GHSA-3x4c-7xq6-9pq8",
+          "CVE": [
+            "CVE-2026-27980"
+          ]
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+          "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+          "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+        ]
+      },
       {
         "atOrAbove": "16.0.0-beta.0",
         "below": "16.1.7",

repository/jsrepository.json

@@ -9206,6 +9206,26 @@
           "https://github.com/vercel/next.js/releases/tag/v16.1.7"
         ]
       },
+      {
+        "atOrAbove": "10.0.0",
+        "below": "15.5.14",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+          "githubID": "GHSA-3x4c-7xq6-9pq8",
+          "CVE": [
+            "CVE-2026-27980"
+          ]
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+          "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+          "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+        ]
+      },
       {
         "atOrAbove": "15.6.0-canary.0",
         "below": "15.6.0-canary.59",
@@ -9537,6 +9557,26 @@
           "https://github.com/vercel/next.js/releases/tag/v16.1.7"
         ]
       },
+      {
+        "atOrAbove": "16.0.0-beta.0",
+        "below": "16.1.7",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "## Summary\nThe default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth.\n\n## Impact\nAn attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.\n\n## Patches\nFixed by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Periodically clean `.next/cache/images`.\n- Reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`)",
+          "githubID": "GHSA-3x4c-7xq6-9pq8",
+          "CVE": [
+            "CVE-2026-27980"
+          ]
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
+          "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
+          "https://github.com/vercel/next.js/releases/tag/v16.1.7"
+        ]
+      },
       {
         "atOrAbove": "16.0.0-beta.0",
         "below": "16.1.7",