Overview · workos/authkit-nextjs · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Organization data exposed to authenticated users via server action
GHSA-ph3g-6p57-jfm5 published Jun 29, 2026 by willporter-workos

Moderate
Session cookies can be cached in CDNs
GHSA-p8pf-44ff-93gf published Nov 20, 2025 by nickcollisson-workos

High
Refresh tokens are logged when the debug flag is enabled
GHSA-5wmg-9cvh-qw25 published Nov 5, 2024 by marji-workos

Low
Session replay vulnerability
GHSA-35w3-6qhc-474v published Mar 28, 2024 by cmatheson

Moderate

Learn more about advisories related to workos/authkit-nextjs in the GitHub Advisory Database