Security: nextauthjs/next-auth
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
NextAuthjs Email misdelivery VulnerabilityGHSA-5jpx-9hw9-2fx4 published
Oct 27, 2025 by himself65Moderate -
Possible user mocking that bypasses basic authenticationGHSA-v64w-49xw-qq89 published
Nov 20, 2023 by balazsorban44Moderate -
Missing proper state, nonce and PKCE checks for OAuth authenticationGHSA-7r7x-4c4q-c4qf published
Mar 9, 2023 by balazsorban44High -
Missing token verification in Upstash AdapterGHSA-4rxr-27mm-mxq9 published
Sep 28, 2022 by ThangHuuVuModerate -
Sending verification requests (magic link) to unwanted emailsGHSA-xv97-c62v-4587 published
Aug 2, 2022 by balazsorban44Critical -
Leakage of excessive information into log in next-authGHSA-p6mm-27gq-9v3p published
Jul 26, 2022 by balazsorban44Low -
Improper handling of email inputGHSA-pgjx-7f9g-9463 published
Jul 6, 2022 by balazsorban44High -
Improper Handling of `callbackUrl` parameter in next-authGHSA-g5fm-jp9v-2432 published
Jun 20, 2022 by balazsorban44High -
URL Redirection to Untrusted Site ('Open Redirect') in next-authGHSA-q2mx-j4x2-2h74 published
May 10, 2022 by balazsorban44High -
Default redirect callback vulnerable to open redirectsGHSA-f9wg-5f46-cjmw published
Apr 19, 2022 by balazsorban44High