express-openid-connect

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting express-openid-connectpage 1 of 1

CVE-2021-41246MEDIUMCVSS 4.6EG 4.6✓ Fixed in 2.5.2
2021-12-09
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior open…
CVE-2022-24794HIGHCVSS 7.5EG 7.5✓ Fixed in 2.7.2
2022-03-31
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an O…

Check whether express-openid-connect is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for express-openid-connect CVEs against the assets you own.

Start Free Scan →