VulnerableCode Package Details - pkg:npm/next-auth@3.29.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/next-auth@3.29.2

Essentials
History (2)

purl	pkg:npm/next-auth@3.29.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-8r8h-7m4p-f3hz	NextAuth.js default redirect callback vulnerable to open redirects next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.	CVE-2022-24858 GHSA-f9wg-5f46-cjmw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:45:17.703030+00:00	GithubOSV Importer	Fixing	VCID-8r8h-7m4p-f3hz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-f9wg-5f46-cjmw/GHSA-f9wg-5f46-cjmw.json	38.6.0
2026-06-02T04:42:03.406743+00:00	GitLab Importer	Fixing	VCID-8r8h-7m4p-f3hz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next-auth/CVE-2022-24858.yml	38.6.0