VYPR

Nhost\/auth

by Nhost

Source repositories

CVEs (2)

  • CVE-2026-41574CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.01

    Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's…

  • CVE-2026-34969HigApr 6, 2026
    risk 0.42cvss 7.5epss 0.00

    Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs,…