| CVE-2026-40575 | critical | 9.1 | 9.1 | | | | 1mo ago | OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing |
| CVE-2026-41059 | high | 8.2 | 8.2 | | | | 1mo ago | OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex |
| CVE-2026-40574 | medium | 6.8 | 6.8 | | | | 1mo ago | OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims |
| CVE-2026-34457 | unknown | — | — | | | | 2mo ago | OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode |
| CVE-2026-34454 | unknown | — | — | | | | 2mo ago | OAuth2 Proxy's session cookies are not cleared when rendering sign-in page |
| CVE-2025-64484 | unknown | — | — | | | | 7mo ago | OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxy |
| CVE-2025-54576 | unknown | — | — | | | | 10mo ago | OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxy |
| CVE-2021-21411 | unknown | — | — | | | | 10mo ago | OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0 in github.com/oauth2-proxy/oauth2-proxy |
| CVE-2021-21291 | unknown | — | — | | | | 5y ago | Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy |