VYPR

npm package

@supabase/auth-js

pkg:npm/%40supabase/auth-js

Vulnerabilities (1)

  • CVE-2025-48370LowMay 27, 2025
    affected < 2.70.0fixed 2.70.0

    auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal,