Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

Auth.js

Working on open source libraries for authentication
Collective - Host: opensource - https://opencollective.com/nextauth - Website: https://authjs.dev - Code: https://github.com/nextauthjs/next-auth

Moderate
next-auth: GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: github
Published: about 1 year ago
High
next-auth: GSA_kwCzR0hTQS03cjd4LTRjNHEtYzRxZs4AAyE2
Missing proper state, nonce and PKCE checks for OAuth authentication
Ecosystems: npm
Packages: next-auth
Source: github
Published: almost 2 years ago
Moderate
next-auth: GSA_kwCzR0hTQS00cnhyLTI3bW0tbXhxOc4AAvIm
Upstash Adapter missing token verification
Ecosystems: npm
Packages: @next-auth/upstash-redis-adapter
Source: github
Published: about 2 years ago
Low
next-auth: GSA_kwCzR0hTQS1wNm1tLTI3Z3EtOXYzcM4AAt2a
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
Critical
next-auth: GSA_kwCzR0hTQS14djk3LWM2MnYtNDU4N84AAtxf
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
High
next-auth: GSA_kwCzR0hTQS1wZ2p4LTdmOWctOTQ2M84AAtHy
Improper handling of email input
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
High
next-auth: GSA_kwCzR0hTQS1nNWZtLWpwOXYtMjQzMs4AAs5b
Improper Handling of `callbackUrl` parameter in next-auth
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
Moderate
next-auth: GSA_kwCzR0hTQS1xMm14LWo0eDItMmg3NM4AArBA
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
Moderate
next-auth: GSA_kwCzR0hTQS1mOXdnLTVmNDYtY2ptd80_pg
NextAuth.js default redirect callback vulnerable to open redirects
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
Low
next-auth: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTMtNTZjZy00bThx
Token verification bug in next-auth
Ecosystems: npm
Packages: next-auth
Source: github
Published: almost 4 years ago