VYPR
Vendor: Workos

Products: 4
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)
  • CVE-2025-55009 | High | Aug 9, 2025
    risk 0.39 | cvss 7.1 | epss 0.00

    The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and…

  • CVE-2025-55008 | High | Aug 9, 2025
    risk 0.39 | cvss 7.1 | epss 0.00

    The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession…

  • CVE-2025-23017 | Medium | Feb 24, 2025
    risk 0.39 | cvss 6.0 | epss 0.00

    WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.

  • CVE-2026-42565 | Medium | May 11, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    @workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The…

  • CVE-2024-51753 | Low | Nov 5, 2024
    risk 0.07 | cvss | epss 0.00

    The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions, refresh tokens are logged to the console when the disabled-by-default `debug` flag is enabled. This issue has been patched…