next-auth

4.15.0Last updated on Oct 23, 2022
Authentication for Next.js

Used on 63 websites

Top usage distribution

37
4.12.3
36
4.10.2
36
4.10.3
36
4.11.0
36
4.12.0
36
4.12.1
36
4.12.2
36
4.13.0

Vulnerabilities

NextAuth.js default redirect callback vulnerable to open redirects
>=0 <3.29.2, >=4.0.0 <4.3.2
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
>=0 <3.29.9, >=4.0.0 <4.10.2
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
>=4.0.0 <4.10.3, >=0 <3.29.10
Token verification bug in next-auth
>=0 <3.3.0
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
>=0 <3.29.3, >=4.0.0 <4.3.3
Improper Handling of `callbackUrl` parameter in next-auth
>=0 <3.29.5, >=4.0.0 <4.5.0
Improper handling of email input
>=0 <3.29.8, >=4.0.0 <4.9.0

Versions

Sort by
4.15.0 Oct 23, 2022
36Websites
352 KBUnpacked size
241Modules
4.14.0 Oct 14, 2022
36Websites
349 KBUnpacked size
239Modules
4.13.0 Oct 9, 2022
36Websites
348 KBUnpacked size
237Modules
4.12.3 Oct 5, 2022
37Websites
343 KBUnpacked size
233Modules
4.12.2 Sep 28, 2022
36Websites
343 KBUnpacked size
233Modules