NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
>=4.0.0 <4.10.3, >=0 <3.29.10
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
>=0 <3.29.9, >=4.0.0 <4.10.2
Missing proper state, nonce and PKCE checks for OAuth authentication
>=0 <4.20.1
NextAuth.js default redirect callback vulnerable to open redirects
>=0 <3.29.2, >=4.0.0 <4.3.2
Token verification bug in next-auth
>=0 <3.3.0
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
>=0 <3.29.3, >=4.0.0 <4.3.3
Improper Handling of `callbackUrl` parameter in next-auth
>=0 <3.29.5, >=4.0.0 <4.5.0
Improper handling of email input
>=0 <3.29.8, >=4.0.0 <4.9.0