38 matches found
@workos/authkit-session has an Open Redirect via state-derived redirect target
An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider (IdP) and can be influenced by an attacker. The handleCallback...
@bigchaindb/jwt (>=0.0.18 <=0.0.20), @compas/store (>=0.0.172 <=0.20.0) +36 more potentially affected by CVE-2025-65945 via jws (=4.0.0)
jws NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jws and may be impacted: - @bigchaindb/jwt =0.0.18, =0.0.172, =11.8.0, =1.0.0-beta.2, =1.1.0, =0.0.22, =15.2.0, =17.1.6, =13.0.0, =10.1.0, =10.4.0, =10.1.0, =10.3.0-snapshot, =0.1.1...
EUVD-2020-3213
Malware in sbrugna...
EUVD-2024-31254
Malicious code in bioql PyPI...
CLSA-2025-1758896552 dovecot: Fix of CVE-2020-12674
CVE-2020-12674: fix mishandling of zero length in RPA request to prevent auth service crash...
CLSA-2025-1758820840 dovecot: Fix of CVE-2020-12674
CVE-2020-12674: fix mishandling of zero length in RPA request to prevent auth service crash...
MAL-2025-26289 Malicious code in mi-angular-vmp-auth-service (npm)
The package mi-angular-vmp-auth-service was found to contain malicious code...
Malicious code in mi-angular-vmp-auth-service (npm)
The package mi-angular-vmp-auth-service was found to contain malicious code...
Malicious code in @frozen-team-qa/auth-service (npm)
The package @frozen-team-qa/auth-service was found to contain malicious code...
MAL-2025-7947 Malicious code in @frozen-team-qa/auth-service (npm)
The package @frozen-team-qa/auth-service was found to contain malicious code...
Malicious Package
Overview ipp-auth-service-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in ipp-auth-service-tools (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b42b5695779161ac5d3618b146cd263b9f17a9c1fe517abd5efff7b3ecdc97 Any computer that has this package installed or running should be considered...
MAL-2025-6099 Malicious code in ipp-auth-service-tools (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b42b5695779161ac5d3618b146cd263b9f17a9c1fe517abd5efff7b3ecdc97 Any computer that has this package installed or running should be considered...
CVE-2024-33516
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller...
CVE-2024-33516
ArubaOS (Aruba Mobility Controllers) is affected by CVE-2024-33516 where an unauthenticated DoS via the PAPI protocol (UDP port 8211) can interrupt the controller’s operation. Public details indicate ArubaOS 8.10.x, 8.11.x, 10.4.x, and 10.5.x are affected; fixes are available in Aruba PSA-2024-00...
PT-2023-29939 · Extreme Networks · Iq Engine
Name of the Vulnerable Software and Affected Versions: Extreme Networks IQ Engine versions prior to 10.6r1a Extreme Networks IQ Engine versions 10.6r1a through 10.6r4 before 10.6r5 Description: The issue is related to a Buffer Overflow vulnerability in the implementation of the ah auth service,...
0xsodium (>=0.0.0 <=1.48.0), 3extensions (=1.0.1) +968 more potentially affected by CVE-2023-26144 via graphql (>=16.3.0 <=16.8.0)
graphql NPM version =16.3.0, =0.0.0, =0.0.1, =0.0.0, =0.0.0, =0.0.1, =1.16.13, =1.8.5, =1.1.12, =1.6.23, =1.16.6, =1.1.12, =1.8.5, =1.16.33, =1.0.0, =1.17.12-beta-20260420-075606-d7d7a9c7 and more Source cves: CVE-2023-26144 Source advisory: SNYK:JS-GRAPHQL-5905181...
SUSE CVE-2020-12674
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled...
MAL-2022-3776 Malicious code in idnnnms-widget-auth-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2d88993f3efd7188328e5518c6b2c91a51f857df272820e8a2c4fced28c1fcc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...