@aangeles/jefeui (>=1.10.0 <=1.11.6), @aipmorg/chat (=1.5.3) +54 more potentially affected by unknown CVE via next-auth (>=5.0.0-beta.11 <=5.0.0-beta.3)

next-auth NPM version =5.0.0-beta.11, =1.10.0, =1.10.3, =0.1.0, =1.2.4-main.7f918ee.29, =0.0.2, =1.0.0, =0.1.6, =0.152.1, =1.0.0, =0.106.0, =0.122.0-rc.13 - @irshadkhan-dev/pandapulse-db =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5JPX-9HW9-2FX4...

EUVD-2022-1719

Malicious code in bioql PyPI...

CVE-2022-24858

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

GHSA-V64W-49XW-QQ89 Possible user mocking that bypasses basic authentication

Impact next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow state, PKCE or nonce. Manually overriding the...

@app-box/web (=1.0.0), @chirpy-dev/analytics (=0.0.1) +46 more potentially affected by CVE-2023-27490 via next-auth (>=0.0.0-manual.83c4ebd1 <=4.1.2)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =4.0.0-alpha.24, =4.0.0-alpha.1, =4.0.0-alpha.6, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.13.3 and more Source cves: CVE-2023-27490 Source advisory: OSV:GHSA-7R7X-4C4Q-C4QF...

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31186 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31186 Source advisory: OSV:GHSA-P6MM-27GQ-9V3P...

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31127 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31127 Source advisory: OSV:GHSA-PGJX-7F9G-9463...

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31093 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31093 Source advisory: OSV:GHSA-G5FM-JP9V-2432...

@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +491 more potentially affected by CVE-2022-29214 via next-auth (>=4.10.3 <=4.2.1)

next-auth NPM version =4.10.3, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 - @authjs-web3-providers/core =0.5.0 and more Source cves: CVE-2022-29214 Source advisory: OSV:GHSA-Q2MX-J4X2-2H74...

@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +491 more potentially affected by CVE-2022-24858 via next-auth (>=4.10.3 <=4.2.1)

next-auth NPM version =4.10.3, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 - @authjs-web3-providers/core =0.5.0 and more Source cves: CVE-2022-24858 Source advisory: OSV:GHSA-F9WG-5F46-CJMW...

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-24858 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-24858 Source advisory: OSV:GHSA-F9WG-5F46-CJMW...

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...