Go modules package
github.com/ory/kratos
pkg:golang/github.com/ory/kratos
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33503 | Hig | 7.2 | | < 1.3.1-0.20260320110106-9d7085948039 | 1.3.1-0.20260320110106-9d7085948039 | Mar 26, 2026 | Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using th |
| CVE-2024-45042 | Med | 4.4 | | < 1.3.0 | 1.3.0 | Sep 26, 2024 | Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity’s highest available AAL is `aal1` even though it really is ` |