Every CVE whose affected-product data names Nextauth.js Next-auth, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-35924 — CVSS 9.1 (critical): NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider`…
CVE-2023-27490 — CVSS 8.1 (high): NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions…
CVE-2022-31093 — CVSS 7.5 (high): NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request…
CVE-2022-31127 — CVSS 7.1 (high): NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the…
CVE-2022-39263 — CVSS 6.8 (medium): `@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications…
CVE-2021-21310 — CVSS 6.1 (medium): NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a…
CVE-2022-24858 — CVSS 6.1 (medium): next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to…
CVE-2022-29214 — CVSS 6.1 (medium): NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open…
CVE-2023-48309 — CVSS 5.3 (medium): NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware…