pkg:npm/@feathersjs/authentication-oauth

4 total CVEs

✅ Check your installed version

All known vulnerabilities

  • CVE-2026-29792Feathers has an OAuth Callback Account Takeover issue
    >= 5.0.0, < 5.0.42
  • CVE-2026-27193Feathers exposes internal headers via unencrypted session cookie
    from 0, < 5.0.40
  • CVE-2026-27192Feathers has an origin validation bypass via prefix matching
    from 0, < 5.0.40
  • CVE-2026-27191Feathers has an open redirect in OAuth callback enables account takeover
    from 0, < 5.0.40