Security: ory/oathkeeper
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Authentication bypass by usage of untrusted headerGHSA-vhr5-ggp3-qq85 published
Mar 20, 2026 by zepatrikModerate -
Authentication bypass by cache key confusionGHSA-4mq7-pvjg-xp2r published
Mar 20, 2026 by zepatrikHigh -
Path traversal authorization bypassGHSA-p224-6x5r-fjpm published
Mar 20, 2026 by zepatrikCritical -
Hop-by-hop abuse to malform header mutatorGHSA-w9mr-28mw-j8hg published
Apr 26, 2023 by zepatrikLow -
Possible bypass of token claim validation when OAuth2 Introspection caching is enabledGHSA-qvp4-rpmr-xwrr published
Jun 22, 2021 by aeneasrHigh