Exposure of NextAuth.js
Category: Authentication
Exposure score: 19
Sites using it: 16,885
Exploited: 0
Critical: 1

CVEs
10 results

CVE-2021-21310 (MEDIUM, EPSS 1.7%): Token verification bug in next-auth
CVE-2022-31093 (HIGH, EPSS 1.6%): Improper Handling of `callbackUrl` parameter in next-auth
CVE-2022-35924 (CRITICAL, EPSS 1.1%): Verification requests (magic link) sent to unwanted emails
CVE-2022-31127 (HIGH, EPSS 0.9%): Improper handling of email input in next-auth
CVE-2022-24858 (MEDIUM, EPSS 0.7%): Default redirect callback vulnerable to open redirects
CVE-2023-48309 (MEDIUM, EPSS 0.7%): next-auth vulnerable to possible user mocking that bypasses basic authentication
CVE-2022-29214 (MEDIUM, EPSS 0.6%): URL Redirection to Untrusted Site ('Open Redirect') in next-auth
CVE-2022-39263 (MEDIUM, EPSS 0.6%): NextAuth.js Upstash Adapter missing token verification
CVE-2023-27490 (HIGH, EPSS 0.5%): Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth
CVE-2022-31186 (LOW, EPSS 0.2%): Leakage of excessive information into log in next-auth