next-auth

4.23.1, last updated on Aug 16, 2023
Authentication for Next.js

Used on 254 websites

Top usage distribution

153  4.12.3
146  4.10.2
146  4.10.3
146  4.11.0
146  4.12.0
146  4.12.1
146  4.13.0
146  4.14.0

Vulnerabilities

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
  Affected versions: >=4.0.0 <4.10.3, >=0 <3.29.10
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
  Affected versions: >=0 <3.29.9, >=4.0.0 <4.10.2
Missing proper state, nonce and PKCE checks for OAuth authentication
  Affected versions: >=0 <4.20.1
NextAuth.js default redirect callback vulnerable to open redirects
  Affected versions: >=0 <3.29.2, >=4.0.0 <4.3.2
Token verification bug in next-auth
  Affected versions: >=0 <3.3.0
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
  Affected versions: >=0 <3.29.3, >=4.0.0 <4.3.3
Improper Handling of `callbackUrl` parameter in next-auth
  Affected versions: >=0 <3.29.5, >=4.0.0 <4.5.0
Improper handling of email input
  Affected versions: >=0 <3.29.8, >=4.0.0 <4.9.0

Versions

4.23.1  Aug 16, 2023  Unpacked size: 809 KB  Modules: 485
4.23.0  Aug 11, 2023  Unpacked size: 809 KB  Modules: 486
4.22.5  Aug 8, 2023  Unpacked size: 804 KB  Modules: 482
4.22.4  Aug 6, 2023  Unpacked size: 803 KB  Modules: 482
4.22.3  Jul 18, 2023  Unpacked size: 804 KB  Modules: 482