pkg:npm/@perfood/couch-auth

All known vulnerabilities

• CRITICAL9.3CVE-2025-70948@perfood/couch-auth has a host header injection vulnerability
  from 0, <= 0.26.0
• HIGH8.1CVE-2023-39655CouchAuth host header injection vulnerability leaks the password reset token
  from 0, <= 0.20.0
• HIGH7.5CVE-2025-70949@perfood/couch-auth has an Observable Timing Discrepancy
  from 0, <= 0.26.0
• MEDIUM4.3CouchAuth has a Server-Side Template Injection vulnerability in its email functionality
  from 0, <= 0.21.2
• —@perfood/couch-auth may expose session tokens, passwords
  from 0, <= 0.21.2