14 matches found
Malicious code in auth-javascript (npm)
Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...
EUVD-2026-1113
Malicious code in okta-auth-js npm...
Malicious Package
Overview: okta-auth-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-91 Malicious code in okta-auth-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0d2189b5df6091ef38c2619c0ed24b8814459b769da6b646901bb0d1987a440 The package okta-auth-js was found to contain malicious code. Source: ghsa-malware 65d7548ce9f766315a32892d8f9588740b8fab7cc50443598ea65e8e0ce9b2ab A...
CVE-2025-48370
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
GHSA-8R88-6CJ9-9FH5 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
Impact: The library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best...
CVE-2025-48370
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-48370
CVE-2025-48370 affects the auth-js library (Supabase Auth). Before 2.69.1, functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require UUIDs for user-controlled inputs, enabling potential URL path traversal and invocation of the wrong API function. The issue ta...
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
PT-2025-23011 · Auth-Js · Auth-Js
Name of the Vulnerable Software and Affected Versions: auth-js versions prior to 2.69.1. Description: The issue concerns the auth-js library, an isomorphic JavaScript library for Supabase Auth. Prior to version 2.69.1, certain library functions such as getUserById, deleteUser, updateUserById,...
Malicious code in bouncer-auth-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba840a3603c5e477dbcc3b46d1e6b6ba1f80bb84474a2572278c7ac03817b78a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1659 Malicious code in bouncer-auth-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba840a3603c5e477dbcc3b46d1e6b6ba1f80bb84474a2572278c7ac03817b78a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...