VYPR

Go modules package

github.com/ory/kratos

pkg:golang/github.com/ory/kratos

Vulnerabilities (2)

  • CVE-2026-33503HigMar 26, 2026
    affected < 1.3.1-0.20260320110106-9d7085948039fixed 1.3.1-0.20260320110106-9d7085948039

    Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using th

  • CVE-2024-45042MedSep 26, 2024
    affected < 1.3.0fixed 1.3.0

    Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity’s highest available AAL is `aal1` even though it really is `