Skip to content

GHSA-w5hq-g745-h8pq on uuid version used in latest v4 (4.24.14) #13420

Open
Open
GHSA-w5hq-g745-h8pq on uuid version used in latest v4 (4.24.14)#13420
Labels
bugSomething isn't workingtriageUnseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
@wrslatz

Description

@wrslatz
wrslatz
opened on Apr 27, 2026

Environment

    OS: Linux 6.17 Ubuntu 24.04.4 LTS 24.04.4 LTS (Noble Numbat)
    Node: 24.14.1
  npmPackages:
    next: 16.2.3 => 16.2.3
    next-auth: 4.24.14 => 4.24.14
    react: 18.3.1 => 18.3.1

Reproduction URL

https://github.com/github-community-projects/private-mirrors

Describe the issue

uuid v8.3.2 has finding GHSA-w5hq-g745-h8pq, fixed in uuid v14.

How to reproduce

npm audit

Expected behavior

next-auth uses an updated version of uuid without the finding.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingtriageUnseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions