VYPR

Hydra

by Ory

CVEs (6)

  • CVE-2026-33504 | High | Mar 26, 2026
    risk 0.40 | cvss 7.2 | epss 0.00

    Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation.…

  • CVE-2024-45049 | Aug 27, 2024
    risk 0.00 | cvss - | epss 0.01

    Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying…

  • CVE-2024-32657 | Apr 22, 2024
    risk 0.00 | cvss - | epss 0.00

    Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this…

  • CVE-2023-42806 | Sep 21, 2023
    risk 0.00 | cvss - | epss 0.00

    Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or…

  • CVE-2020-5300 | Apr 6, 2020
    risk 0.00 | cvss - | epss 0.01

    In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the…

  • CVE-2019-8400 | Feb 17, 2019
    risk 0.00 | cvss - | epss 0.01

    ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.