npm/next-auth — 9 CVEs · VulnScope
pkg:npm/next-auth
9 total CVEs: CRITICAL 1, HIGH 3, MEDIUM 3, LOW 1
All known vulnerabilities
| Severity | Score | CVE | Title | Affected versions |
|---|---|---|---|---|
| CRITICAL | 9.1 | CVE-2022-35924 | NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails | >= 4.0.0, < 4.10.3 |
| HIGH | 8.1 | CVE-2023-27490 | Missing proper state, nonce and PKCE checks for OAuth authentication | from 0, < 4.20.1 |
| HIGH | 7.5 | CVE-2022-31093 | Improper Handling of `callbackUrl` parameter in next-auth | from 0, < 3.29.5 |
| HIGH | 7.1 | CVE-2022-31127 | Improper handling of email input | from 0, < 3.29.8 |
| MEDIUM | 6.1 | CVE-2022-29214 | URL Redirection to Untrusted Site ('Open Redirect') in next-auth | from 0, < 3.29.3 |
| MEDIUM | 6.1 | CVE-2022-24858 | NextAuth.js default redirect callback vulnerable to open redirects | from 0, < 3.29.2 |
| MEDIUM | 5.3 | CVE-2023-48309 | Possible user mocking that bypasses basic authentication | from 0, < 4.24.5 |
| LOW | 3.3 | CVE-2022-31186 | next-auth before v4.10.2 and v3.29.9 leaks excessive information into log | from 0, < 3.29.9 |
| — | — | CVE-2021-21310 | Token verification bug in next-auth | from 0, < 3.3.0 |