Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

nextauthjs — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting nextauthjs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NextAuth.js provides authentication and session management for web applications, particularly popular with Next.js frameworks. Historically, it has faced vulnerabilities across multiple classes including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations or insecure default settings. The project maintains a security-focused approach with regular updates and a dedicated security team, though its widespread adoption has made it a target for exploitation. While no single major incident stands out, the accumulation of 10 CVEs highlights the importance of proper implementation and timely updates when using this authentication solution.

Top products by nextauthjs: next-auth
CVE IDTitleCVSSSeverityPublished
CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication — next-authCWE-285 5.3 Medium2023-11-20
CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth — next-authCWE-384 8.1 High2023-03-09
CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification — next-authCWE-287 6.8 Medium2022-09-28
CVE-2022-35924 Verification requests (magic link) sent to unwanted emails — next-authCWE-20 9.1 Critical2022-08-02
CVE-2022-31186 Leakage of excessive information into log in next-auth — next-authCWE-532 3.3 Low2022-08-01
CVE-2022-31127 Improper handling of email input in next-auth — next-authCWE-79 7.1 High2022-07-06
CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth — next-authCWE-754 7.5 High2022-06-27
CVE-2022-29214 URL Redirection to Untrusted Site ('Open Redirect') in next-auth — next-authCWE-601 6.1 Medium2022-05-20
CVE-2022-24858 Default redirect callback vulnerable to open redirects — next-authCWE-290 6.1 Medium2022-04-19
CVE-2021-21310 Token verification bug in next-auth — next-authCWE-290 6.1 Medium2021-02-11

This page lists every published CVE security advisory associated with nextauthjs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.