next-auth

4.20.1Last updated on Mar 2, 2023
Authentication for Next.js

Used on 254 websites

Top usage distribution

153
4.12.3
146
4.10.2
146
4.10.3
146
4.11.0
146
4.12.0
146
4.12.1
146
4.13.0
146
4.14.0

Vulnerabilities

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
>=4.0.0 <4.10.3, >=0 <3.29.10
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
>=0 <3.29.9, >=4.0.0 <4.10.2
Missing proper state, nonce and PKCE checks for OAuth authentication
>=0 <4.20.1
NextAuth.js default redirect callback vulnerable to open redirects
>=0 <3.29.2, >=4.0.0 <4.3.2
Token verification bug in next-auth
>=0 <3.3.0
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
>=0 <3.29.3, >=4.0.0 <4.3.3
Improper Handling of `callbackUrl` parameter in next-auth
>=0 <3.29.5, >=4.0.0 <4.5.0
Improper handling of email input
>=0 <3.29.8, >=4.0.0 <4.9.0

Versions

Sort by
4.20.1 Mar 2, 2023
364 KBUnpacked size
237Modules
4.20.0 Mar 2, 2023
364 KBUnpacked size
241Modules
4.19.2 Feb 2, 2023
364 KBUnpacked size
241Modules
4.19.1 Jan 31, 2023
364 KBUnpacked size
241Modules
4.19.0 Jan 28, 2023
361 KBUnpacked size
241Modules