3 matches found
GO-2026-5388 Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback in github.com/nhost/nhost
Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback in github.com/nhost/nhost...
GO-2026-5176 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass in github.com/nhost/nhost
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass in github.com/nhost/nhost...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the providerFlowSignIn process. An attacker can gain unauthorized access to another user's account by exploiting improper handling of email verification status from OAuth providers. This allows the attacker to...