CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/11 5:16 p.m.•1 views

CVE-2026-31813

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS0.00042EPSS

Cvelist•added 2026/03/11 4:42 p.m.•25 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

4.8CVSS0.00042EPSS

OSV•added 2026/03/11 4:42 p.m.•3 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

4.8CVSS5.8AI score0.00042EPSS

ATTACKERKB•added 2026/03/11 4:42 p.m.•1 views

CVE-2026-31813

Exploits0References2Affected Software1

CVE•added 2026/03/11 4:42 p.m.•6 views

CVE-2026-31813

CVE-2026-31813 affects Supabase Auth. Before version 2.185.0, if Apple or Azure as OIDC providers are enabled, an attacker can create a valid, asymmetrically signed ID token from their issuer for each victim email and send it to the token endpoint using the ID token flow. If the ID token is OIDC ...

Exploits0References1Affected Software1

Vulnrichment•added 2026/03/11 4:42 p.m.•0 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

Positive Technologies•added 2026/03/11 12:0 a.m.•0 views

PT-2026-24743

Exploits0References4

Auth 安全漏洞

Auth is a user authentication and management system developed by Supabase. Previous versions of Supabase Auth, such as 2.185.0, had security vulnerabilities. These vulnerabilities occurred when Apple or Azure providers were enabled, allowing attackers to issue session tokens for arbitrary users...

编号撤回

“ring”（Brian Smith）。“ring”。 “The R Foundation”“R”（The R Foundation）。“R”。“Supabase Auth”（Supabase）。“Auth”。CVE。...

5.8AI score0.0003EPSS

编号撤回

“ring”（Brian Smith）。“ring”。 “The R Foundation”“R”（The R Foundation）。“R”。“Supabase Auth”（Supabase）。“Auth”。CVE。...

5.8AI score0.0003EPSS

编号撤回

“ring”（Brian Smith）。“ring”。 “The R Foundation”“R”（The R Foundation）。“R”。“Supabase Auth”（Supabase）。“Auth”。CVE。...

5.8AI score0.0003EPSS

Veracode•added 2025/05/29 2:36 a.m.•5 views

Path Traversal

@supabase/auth-js is vulnerable to Path Traversal . The vulnerability is due to missing UUID validation on user-supplied inputs, which allows an attacker to manipulate URL paths and invoke unintended API functions...

6.9CVSS6.6AI score0.002EPSS

Exploits0References4Affected Software1

NVD•added 2025/05/27 4:15 p.m.•23 views

CVE-2025-48370

auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

6.9CVSS0.002EPSS

CVE•added 2025/05/27 3:27 p.m.•53 views

CVE-2025-48370

CVE-2025-48370 affects the auth-js library (Supabase Auth). Before 2.69.1, functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require UUIDs for user-controlled inputs, enabling potential URL path traversal and invocation of the wrong API function. The issue ta...

6.9CVSS5.2AI score0.002EPSS

CNNVD•added 2025/05/27 12:0 a.m.•1 views

auth-js 路径遍历漏洞

auth-js is a Supabase Auth isomorphic Javascript library open-sourced by Supabase. A path traversal vulnerability exists in versions of auth-js prior to 2.69.1, which stems from an unvalidated user-supplied UUID and could lead to URL path traversal...

6.9CVSS6.4AI score0.002EPSS