Authentication and session helpers for using WorkOS & AuthKit with Next.js
93%
Total Score
65
100
100
100
100
| Title | Versions | Severity |
|---|---|---|
AIKIDO-2026-309251 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. @workos-inc/authkit-nextjs is vulnerable to Insecure Direct Object Reference (IDOR) in versions 1.0.0 - 4.1.2. | 1.0.0 - 4.1.2 | High |
CVE-2025-64762 @workos-inc/authkit-nextjs is vulnerable to Use of Cache Containing Sensitive Information in versions 0.0.0 - 2.11.0. | 0.0.0 - 2.11.0 | High |
CVE-2024-51752 @workos-inc/authkit-nextjs is vulnerable to Insertion of Sensitive Information into Log File in versions 0.0.0 - 0.13.2. | 0.0.0 - 0.13.2 | Low |
CVE-2024-29901 @workos-inc/authkit-nextjs is vulnerable to Authentication Bypass by Capture-replay in versions 0.0.0 - 0.4.2. | 0.0.0 - 0.4.2 | Medium |
| Dependency | Last Release | Score |
|---|---|---|
jose Version ^5.10.0 | — | — |
valibot Version ^1.2.0 | — | — |
iron-session Version ^8.0.4 | — | — |
path-to-regexp Version ^6.3.0 | — | — |
@sindresorhus/fnv1a Version ^3.1.0 | — | — |
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant