@perfood/couch Auth
Sign in to watchby @perfood
Source repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-70948 | Cri | 0.60 | 9.3 | 0.00 | Mar 5, 2026 | A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header. | |
| CVE-2025-70949 | Hig | 0.49 | 7.5 | 0.00 | Mar 5, 2026 | An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel. |