Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40workos-inc/authkit-nextjs@0.4.2
Type npm
Namespace @workos-inc
Name authkit-nextjs
Version 0.4.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.11.1
Latest_non_vulnerable_version 3.0.0-beta.1
Affected_by_vulnerabilities
0
url VCID-6vp4-sua2-ykcm
vulnerability_id VCID-6vp4-sua2-ykcm
summary The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications deployed on Vercel are unaffected unless they manually enable CDN caching by setting cache headers on authenticated paths. Patched in authkit-nextjs 2.11.1, which applies anti-caching headers to all responses behind authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64762
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.24197
published_at 2026-06-14T12:55:00Z
1
value 0.00082
scoring_system epss
scoring_elements 0.2421
published_at 2026-06-12T12:55:00Z
2
value 0.00082
scoring_system epss
scoring_elements 0.24218
published_at 2026-06-13T12:55:00Z
3
value 0.00082
scoring_system epss
scoring_elements 0.24013
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64762
1
reference_url https://github.com/workos/authkit-nextjs
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/workos/authkit-nextjs
2
reference_url https://github.com/workos/authkit-nextjs/commit/94cf438124993abb0e7c19dac64c3cb5724a15ea
reference_id 94cf438124993abb0e7c19dac64c3cb5724a15ea
reference_type
scores
0
value 8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-24T17:03:08Z/
url https://github.com/workos/authkit-nextjs/commit/94cf438124993abb0e7c19dac64c3cb5724a15ea
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64762
reference_id CVE-2025-64762
reference_type
scores
0
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64762
4
reference_url https://github.com/advisories/GHSA-p8pf-44ff-93gf
reference_id GHSA-p8pf-44ff-93gf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p8pf-44ff-93gf
5
reference_url https://github.com/workos/authkit-nextjs/security/advisories/GHSA-p8pf-44ff-93gf
reference_id GHSA-p8pf-44ff-93gf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-24T17:03:08Z/
url https://github.com/workos/authkit-nextjs/security/advisories/GHSA-p8pf-44ff-93gf
6
reference_url https://github.com/workos/authkit-nextjs/releases/tag/v2.11.1
reference_id v2.11.1
reference_type
scores
0
value 8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value 8.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-24T17:03:08Z/
url https://github.com/workos/authkit-nextjs/releases/tag/v2.11.1
fixed_packages
0
url pkg:npm/%40workos-inc/authkit-nextjs@2.11.1
purl pkg:npm/%40workos-inc/authkit-nextjs@2.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540workos-inc/authkit-nextjs@2.11.1
1
url pkg:npm/%40workos-inc/authkit-nextjs@3.0.0-beta.1
purl pkg:npm/%40workos-inc/authkit-nextjs@3.0.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540workos-inc/authkit-nextjs@3.0.0-beta.1
aliases CVE-2025-64762, GHSA-p8pf-44ff-93gf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vp4-sua2-ykcm
1
url VCID-sxe1-y1n4-z3b2
vulnerability_id VCID-sxe1-y1n4-z3b2
summary The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions, refresh tokens are logged to the console when the `debug` flag, which is disabled by default, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51752
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.4002
published_at 2026-06-13T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.40009
published_at 2026-06-14T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39997
published_at 2026-06-12T12:55:00Z
3
value 0.00182
scoring_system epss
scoring_elements 0.39827
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51752
1
reference_url https://github.com/workos/authkit-nextjs
reference_id
reference_type
scores
0
value 0.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/workos/authkit-nextjs
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51752
reference_id
reference_type
scores
0
value 0.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51752
3
reference_url https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7
reference_id 15a332632f7560b03cc6d8cc8da24fd2ac931da7
reference_type
scores
0
value 0.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T20:14:57Z/
url https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7
4
reference_url https://github.com/advisories/GHSA-5wmg-9cvh-qw25
reference_id GHSA-5wmg-9cvh-qw25
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5wmg-9cvh-qw25
5
reference_url https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25
reference_id GHSA-5wmg-9cvh-qw25
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 0.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T20:14:57Z/
url https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25
6
reference_url https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2
reference_id v0.13.2
reference_type
scores
0
value 0.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T20:14:57Z/
url https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2
fixed_packages
0
url pkg:npm/%40workos-inc/authkit-nextjs@0.13.2
purl pkg:npm/%40workos-inc/authkit-nextjs@0.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6vp4-sua2-ykcm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540workos-inc/authkit-nextjs@0.13.2
aliases CVE-2024-51752, GHSA-5wmg-9cvh-qw25
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxe1-y1n4-z3b2
Fixing_vulnerabilities
0
url VCID-qdm1-tzhh-h3f5
vulnerability_id VCID-qdm1-tzhh-h3f5
summary
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.
A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29901
reference_id
reference_type
scores
0
value 0.0046
scoring_system epss
scoring_elements 0.64674
published_at 2026-06-13T12:55:00Z
1
value 0.0046
scoring_system epss
scoring_elements 0.6467
published_at 2026-06-14T12:55:00Z
2
value 0.0046
scoring_system epss
scoring_elements 0.64663
published_at 2026-06-12T12:55:00Z
3
value 0.0046
scoring_system epss
scoring_elements 0.6456
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29901
1
reference_url https://github.com/workos/authkit-nextjs
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/workos/authkit-nextjs
2
reference_url https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01
reference_id 6c3f4f3179d66cbb15de3962792083ff3b244a01
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:05:37Z/
url https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29901
reference_id CVE-2024-29901
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29901
4
reference_url https://github.com/advisories/GHSA-35w3-6qhc-474v
reference_id GHSA-35w3-6qhc-474v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35w3-6qhc-474v
5
reference_url https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v
reference_id GHSA-35w3-6qhc-474v
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:05:37Z/
url https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v
6
reference_url https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2
reference_id v0.4.2
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:05:37Z/
url https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2
fixed_packages
0
url pkg:npm/%40workos-inc/authkit-nextjs@0.4.2
purl pkg:npm/%40workos-inc/authkit-nextjs@0.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6vp4-sua2-ykcm
1
vulnerability VCID-sxe1-y1n4-z3b2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540workos-inc/authkit-nextjs@0.4.2
aliases CVE-2024-29901, GHSA-35w3-6qhc-474v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdm1-tzhh-h3f5
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540workos-inc/authkit-nextjs@0.4.2