All known vulnerabilities
CRITICAL | 9.1 | CVE-2022-35924 | NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails | >= 4.0.0, < 4.10.3
HIGH | 8.1 | CVE-2023-27490 | Missing proper state, nonce and PKCE checks for OAuth authentication | from 0, < 4.20.1
HIGH | 7.5 | CVE-2022-31093 | Improper Handling of `callbackUrl` parameter in next-auth | from 0, < 3.29.5
from 0, < 3.29.8
MEDIUM | 6.1 | CVE-2022-29214 | URL Redirection to Untrusted Site ('Open Redirect') in next-auth | from 0, < 3.29.3
MEDIUM | 6.1 | CVE-2022-24858 | NextAuth.js default redirect callback vulnerable to open redirects | from 0, < 3.29.2
MEDIUM | 5.3 | CVE-2023-48309 | Possible user mocking that bypasses basic authentication | from 0, < 4.24.5
LOW | 3.3 | CVE-2022-31186 | next-auth before v4.10.2 and v3.29.9 leaks excessive information into log | from 0, < 3.29.9
from 0, < 3.3.0