pkg:npm/@feathersjs/authentication-oauth

所有已知漏洞

• —CVE-2026-29792Feathers has an OAuth Callback Account Takeover issue
  >= 5.0.0, < 5.0.42
• —CVE-2026-27193Feathers exposes internal headers via unencrypted session cookie
  from 0, < 5.0.40
• —CVE-2026-27192Feathers has an origin validation bypass via prefix matching
  from 0, < 5.0.40
• —CVE-2026-27191Feathers has an open redirect in OAuth callback enables account takeover
  from 0, < 5.0.40