oauth2-server

3 known vulnerabilities · 0 critical · 2 high

oauth2-server through 3.1.1 vulnerable to Open Redirect

Published Aug 30, 2022

Code Injection in oauth2-server

Published Apr 22, 2021

GHSA-jhm7-29pj-4xvf

@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes

Published Apr 16, 2026

Check your entire dependency tree at onceRun dependency scan →