@workos-inc/authkit-nextjs

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting @workos-inc/authkit-nextjspage 1 of 1

CVE-2024-29901MEDIUMCVSS 4.8EG 4.8✓ Fixed in 0.4.2
2024-03-29
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched …
CVE-2024-51752MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.13.2
2024-11-05
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` f…
CVE-2025-64762CRITICALCVSS 9.1EG 9.1✓ Fixed in 2.11.1
2025-11-21
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-ca…

Check whether @workos-inc/authkit-nextjs is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for @workos-inc/authkit-nextjs CVEs against the assets you own.

Start Free Scan →