Vulnerabilities > Nextauth JS

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-48309 Incorrect Authorization vulnerability in Nextauth.Js Next-Auth
NextAuth.js provides authentication for Next.js.
network
low complexity
nextauth-js CWE-863
5.3
5.3
2023-03-09 CVE-2023-27490 Session Fixation vulnerability in Nextauth.Js Next-Auth
NextAuth.js is an open source authentication solution for Next.js applications.
network
low complexity
nextauth-js CWE-384
8.8
8.8
2022-09-28 CVE-2022-39263 Improper Authentication vulnerability in Nextauth.Js Next-Auth
`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js.
network
high complexity
nextauth-js CWE-287
8.1
8.1
2022-07-06 CVE-2022-31127 Cross-site Scripting vulnerability in Nextauth.Js Next-Auth
NextAuth.js is a complete open source authentication solution for Next.js applications. 		4.3
4.3
2022-06-27 CVE-2022-31093 Improper Check for Unusual or Exceptional Conditions vulnerability in Nextauth.Js Next-Auth
NextAuth.js is a complete open source authentication solution for Next.js applications.
network
low complexity
nextauth-js CWE-754
5.0
5.0
2022-05-21 CVE-2022-29214 Open Redirect vulnerability in Nextauth.Js Next-Auth
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. 		5.8
5.8
2022-04-19 CVE-2022-24858 Open Redirect vulnerability in Nextauth.Js Next-Auth
next-auth v3 users before version 3.29.2 are impacted. 		5.8
5.8
2021-02-11 CVE-2021-21310 Authentication Bypass by Spoofing vulnerability in Nextauth.Js Next-Auth
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. 		4.3
4.3