Every CVE whose affected-product data names Perfood Couchauth, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2023-39655 — CVSS 9.6 (critical): A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host…
CVE-2025-60794 — CVSS 6.5 (medium): Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in…