Ecosyste.ms: Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 0.5% on npmjs.org
Top 0.2% downloads on npmjs.org
Top 0.2% dependent packages on npmjs.org
Top 0.2% dependent repos on npmjs.org
Top 0.8% forks on npmjs.org
Top 0.7% docker downloads on npmjs.org

npmjs.org : next-auth

Authentication for Next.js

Registry - Source - Homepage - JSON
purl: pkg:npm/next-auth
Keywords: react, nodejs, oauth, jwt, oauth2, authentication, nextjs, csrf, oidc, nextauth, auth, nuxt, nuxt-auth, remix-auth, solid-auth, solidjs, sveltekit, web
License: ISC
Latest release: 2 months ago
First release: almost 2 years ago
Dependent packages: 304
Dependent repositories: 19,200
Downloads: 3,732,683 last month
Stars: 21,967 on GitHub
Forks: 2,856 on GitHub
Docker dependents: 318
Docker downloads: 91,982
Total Commits: 3018
Committers: 688
Average commits per author: 4.387
Development Distribution Score (DDS): 0.649
More commit stats: commits.ecosyste.ms
See more repository details: repos.ecosyste.ms
Funding links: https://opencollective.com/nextauth, https://github.com/sponsors/balazsorban44, https://github.com/sponsors/ThangHuuVu
Last synced: 1 day ago

High

GSA_kwCzR0hTQS1wZ2p4LTdmOWctOTQ2M84AAtHy

Improper handling of email input
Ecosystems: npm
Packages: next-auth
Source: github
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1mOXdnLTVmNDYtY2ptd80_pg

NextAuth.js default redirect callback vulnerable to open redirects
Ecosystems: npm
Packages: next-auth
Source: github
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1xMm14LWo0eDItMmg3NM4AArBA

URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Ecosystems: npm
Packages: next-auth
Source: github
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1

Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: github
Published: 6 months ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTMtNTZjZy00bThx

Token verification bug in next-auth
Ecosystems: npm
Packages: next-auth
Source: github
Published: about 3 years ago

Low

GSA_kwCzR0hTQS1wNm1tLTI3Z3EtOXYzcM4AAt2a

next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Ecosystems: npm
Packages: next-auth
Source: github
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1nNWZtLWpwOXYtMjQzMs4AAs5b

Improper Handling of `callbackUrl` parameter in next-auth
Ecosystems: npm
Packages: next-auth
Source: github
Published: almost 2 years ago

High

GSA_kwCzR0hTQS03cjd4LTRjNHEtYzRxZs4AAyE2

Missing proper state, nonce and PKCE checks for OAuth authentication
Ecosystems: npm
Packages: next-auth
Source: github
Published: about 1 year ago

Critical

GSA_kwCzR0hTQS14djk3LWM2MnYtNDU4N84AAtxf

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Ecosystems: npm
Packages: next-auth
Source: github
Published: almost 2 years ago