Skip to main content

Next Auth

9 CVEs product

Monthly

CVE-2023-48309 npm MEDIUM PATCH This Month

NextAuth.js provides authentication for Next.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-27490 npm HIGH POC PATCH This Week

NextAuth.js is an open source authentication solution for Next.js applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Next Auth
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-39263 npm HIGH PATCH This Week

`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Next Auth
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-35924 npm CRITICAL PATCH Act Now

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-31127 npm MEDIUM POC PATCH This Month

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Next Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-31093 npm HIGH PATCH This Week

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Next Auth
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-29214 npm MEDIUM PATCH This Month

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Next Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24858 npm MEDIUM PATCH This Month

next-auth v3 users before version 3.29.2 are impacted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-21310 npm MEDIUM POC PATCH This Month

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

NextAuth.js provides authentication for Next.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Auth
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

NextAuth.js is an open source authentication solution for Next.js applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Next Auth
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Next Auth
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Auth
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Next Auth
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Next Auth
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Next Auth
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

next-auth v3 users before version 3.29.2 are impacted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Next Auth
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Next Auth
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy