VulnerableCode Package Details - pkg:npm/next-auth@4.0.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/next-auth@4.0.0

Essentials
History (1)

purl	pkg:npm/next-auth@4.0.0

Next non-vulnerable version	4.3.2
Latest non-vulnerable version	5.0.0-beta.30
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-8r8h-7m4p-f3hz Aliases: CVE-2022-24858 GHSA-f9wg-5f46-cjmw	NextAuth.js default redirect callback vulnerable to open redirects next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.	4.3.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:42:03.399376+00:00	GitLab Importer	Affected by	VCID-8r8h-7m4p-f3hz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next-auth/CVE-2022-24858.yml	38.6.0