VYPR

Oauth2 Server

by Thephpleague

Source repositories

CVEs (2)

  • CVE-2026-39976HigApr 9, 2026
    risk 0.39cvss 7.1epss 0.00

    Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. the league/oauth2-server library sets the JWT sub claim to the client identifier (since there's no user). The token guard…

  • CVE-2023-37260Jul 6, 2023
    risk 0.00cvss epss 0.01

    league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in…