next-auth (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package next-auth, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2022-35924 — CVSS 9.1 (critical): NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider`…
CVE-2023-27490 — CVSS 8.1 (high): NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions…
CVE-2022-31093 — CVSS 7.5 (high): NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request…
CVE-2022-31127 — CVSS 7.1 (high): NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the…
CVE-2021-21310 — CVSS 6.1 (medium): NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a…
CVE-2022-24858 — CVSS 6.1 (medium): next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to…
CVE-2022-29214 — CVSS 6.1 (medium): NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open…
CVE-2023-48309 — CVSS 5.3 (medium): NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware…
CVE-2022-31186 — CVSS 3.3 (low): NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in…