Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm next-auth Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS03cjd4LTRjNHEtYzRxZs4AAyE2
Missing proper state, nonce and PKCE checks for OAuth authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wNm1tLTI3Z3EtOXYzcM4AAt2a
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14djk3LWM2MnYtNDU4N84AAtxf
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wZ2p4LTdmOWctOTQ2M84AAtHy
Improper handling of email input
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nNWZtLWpwOXYtMjQzMs4AAs5b
Improper Handling of `callbackUrl` parameter in next-auth
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xMm14LWo0eDItMmg3NM4AArBA
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mOXdnLTVmNDYtY2ptd80_pg
NextAuth.js default redirect callback vulnerable to open redirects
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTMtNTZjZy00bThx
Token verification bug in next-auth
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: about 3 years ago
Statistics
Advisories: 17,221
Packages: 7,995
Repositories: 1
Ecosystems: 12
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 sequelize 16 directus 16 tinymce 14 swagger-ui 14 strapi 13 next 13 ckeditor4 13 ghost 13 vm2 12 marked 11 handlebars 11 angular 11 nodebb 11 undici 10 @evershop/evershop 9 tinymce/tinymce 9 TinyMCE 9 next-auth 9 serve 9 jquery 9 jquery-rails 9 org.webjars.npm:jquery 9 urijs 8 bootstrap 8 systeminformation 8 @strapi/strapi 8 steal 8 node-forge 8 npm 8 jsrsasign 8 joplin 8 url-parse 8 editor.md 8 validator 8 matrix-js-sdk 8 jQuery 8 hermes-engine 7 nocodb 7 tar 7 jquery-ui 7 matrix-react-sdk 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 total.js 7 lodash 7 shescape 7 snyk-broker 7 hapi 7 aaptjs 6 safe-eval 6 express-cart 6 rsshub 6 parse-url 6 sanitize-html 6 matrix-appservice-irc 6 public 5 rendertron 5 prismjs 5 sweetalert2 5 openpgp 5 total4 5 dojo 5 yarn 5 ua-parser-js 5 @strapi/plugin-users-permissions 5 keystone 5 lodash-es 5 auth0-lock 4 mermaid 4 apollo-server-core 4 valine 4 hummus 4 jsonwebtoken 4 ws 4 muhammara 4 generator-jhipster 4 vditor 4 fastify 4 vega 4 engine.io 4 moment 4 realms-shim 4 simple-git 4 safer-eval 4 axios 4 @keystone-6/core 4 katex 4 simple-markdown 4 apostrophe 4 materialize-css 4 mongo-express 4 dompurify 4 uptime-kuma 4 meshcentral 4 glance 4 xlsx 4 auth0-js 4 remarkable 4 ecstatic 4 @backstage/plugin-scaffolder-backend 4 ejs 4 qs 4 vite 4 aws-iot-device-sdk-v2 4 follow-redirects 4 mongoose 4 awsiotsdk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 jose-node-cjs-runtime 3 node-jose 3 slpjs 3 grunt 3 notevil 3 xdLocalStorage 3 ses 3 fast-xml-parser 3 @uppy/companion 3 tough-cookie 3 mathjs 3 json-pointer 3 socket.io-file 3 convict 3 parsel 3 sails 3 jose-node-esm-runtime 3 mixme 3 highcharts 3 socket.io-parser 3 @vrite/sdk 3 @apollo/server 3 localhost-now 3 node-fetch 3 json-ptr 3 ftp-srv 3 mxgraph 3 node-opcua 3 postcss 3 nodemailer 3 @frangoteam/fuxa 3 fuxa-server 3 yapi-vendor 3 @strapi/utils 3 @backstage/techdocs-common 3 blamer 3 keycloak-connect 3 bootstrap 3 simplehttpserver 3 @ckeditor/ckeditor5-markdown-gfm 3 @sveltejs/kit 3 raneto 3 dojox 3 immer 3 xmldom 3 froala-editor 3 mysql 3 connect 3 jose 3 stimulsoft-dashboards-js 3 wrangler 3 ids-enterprise 3 nadesiko3 3 @materializecss/materialize 3 code-server 3 js-yaml 3 @soketi/soketi 3 bin-links 3 snyk 3 protobufjs 3 subtext 3 apollo-server 3 http-live-simulator 3 org.webjars.npm:xlsx 3 uap-core 3 @hapi/subtext 3 dns-sync 3 node-red-dashboard 3 bson 3 @commercial/subtext 3 slp-validate 3 jspdf 3 passport-wsfed-saml2 3 docsify 3 m-server 3 serialize-to-js 3 n8n 3 express-fileupload 3 @sequelize/core 3 feathers-sequelize 3 convert-svg-core 3 node-ipc 3 openmct 3 buttle 3 @cubejs-backend/api-gateway 3 locutus 3 typeorm 3