VYPR

Vendor: Ory
Products: 6
CVEs: 18 (across products: 18)
Status: Private

Recent CVEs (18)
  • CVE-2026-33494 | Critical | Mar 26, 2026
    risk 0.58, CVSS 10.0, EPSS 0.01

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path…

  • CVE-2026-33506 | High | Mar 26, 2026
    risk 0.50, CVSS 8.8, EPSS 0.00

    Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL…

  • CVE-2026-33496 | High | Mar 26, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator…

  • CVE-2026-33505 | High | Mar 26, 2026
    risk 0.40, CVSS 7.2, EPSS 0.00

    Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret…

  • CVE-2026-33504 | High | Mar 26, 2026
    risk 0.40, CVSS 7.2, EPSS 0.00

    Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation.…

  • CVE-2026-33503 | High | Mar 26, 2026
    risk 0.40, CVSS 7.2, EPSS 0.00

    Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using…

  • CVE-2026-33495 | Medium | Mar 26, 2026
    risk 0.35, CVSS 6.5, EPSS 0.00

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component…

  • CVE-2024-45042 | Medium | Sep 26, 2024
    risk 0.22, CVSS 4.4, EPSS 0.00

    Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity’s highest available AAL is `aal1` even though it really…

  • CVE-2024-45049 | Aug 27, 2024
    risk 0.00, CVSS n/a, EPSS 0.01

    Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying…

  • CVE-2024-32657 | Apr 22, 2024
    risk 0.00, CVSS n/a, EPSS 0.00

    Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this…

  • CVE-2023-42806 | Sep 21, 2023
    risk 0.00, CVSS n/a, EPSS 0.00

    Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or…

  • CVE-2021-32701 | Jun 22, 2021
    risk 0.00, CVSS n/a, EPSS 0.01

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection…

  • CVE-2020-15233 | Oct 2, 2020
    risk 0.00, CVSS n/a, EPSS 0.01

    ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is…

  • CVE-2020-15234 | Oct 2, 2020
    risk 0.00, CVSS n/a, EPSS 0.01

    ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint were compared using strings.ToLower while they should…

  • CVE-2020-15222 | Sep 24, 2020
    risk 0.00, CVSS n/a, EPSS 0.01

    In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", OpenId specification says…

  • CVE-2020-15223 | Sep 24, 2020
    risk 0.00, CVSS n/a, EPSS 0.02

    In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid.…

  • CVE-2020-5300 | Apr 6, 2020
    risk 0.00, CVSS n/a, EPSS 0.01

    In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the…

  • CVE-2019-8400 | Feb 17, 2019
    risk 0.00, CVSS n/a, EPSS 0.01

    ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.