next-auth

4.24.6Last updated on Feb 14, 2024
Authentication for Next.js

Used on 254 websites

Top usage distribution

153
4.12.3
146
4.10.2
146
4.10.3
146
4.11.0
146
4.12.0
146
4.12.1
146
4.13.0
146
4.14.0

Vulnerabilities

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
>=4.0.0 <4.10.3, >=0 <3.29.10
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
>=0 <3.29.9, >=4.0.0 <4.10.2
Missing proper state, nonce and PKCE checks for OAuth authentication
>=0 <4.20.1
NextAuth.js default redirect callback vulnerable to open redirects
>=0 <3.29.2, >=4.0.0 <4.3.2
Token verification bug in next-auth
>=0 <3.3.0
Possible user mocking that bypasses basic authentication
>=0 <4.24.5
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
>=0 <3.29.3, >=4.0.0 <4.3.3
Improper Handling of `callbackUrl` parameter in next-auth
>=0 <3.29.5, >=4.0.0 <4.5.0
Improper handling of email input
>=0 <3.29.8, >=4.0.0 <4.9.0

Versions

Sort by
4.24.6 Feb 14, 2024
808 KBUnpacked size
485Modules
4.24.5 Nov 10, 2023
809 KBUnpacked size
486Modules
4.24.4 Oct 27, 2023
804 KBUnpacked size
486Modules
4.24.3 Oct 18, 2023
806 KBUnpacked size
485Modules
4.24.2 Oct 18, 2023
806 KBUnpacked size
485Modules