ory

Top products

The 15 most recently published vulnerabilities affecting ory.

• CVE-2026-33506DOM-Based XSS in Ory Polis Login Page8.8Mar 26, 2026
• CVE-2026-33505Ory Keto has a SQL injection via forged pagination tokens7.2Mar 26, 2026
• CVE-2026-33504Ory Hydra has a SQL injection via forged pagination tokens7.2Mar 26, 2026
• CVE-2026-33503Ory Kratos has a SQL injection via forged pagination tokens7.2Mar 26, 2026
• CVE-2026-33496Ory Oathkeeper has an authentication bypass by cache key confusion8.1Mar 26, 2026
• CVE-2026-33495Ory Oathkeeper has an authentication bypass by usage of untrusted header6.5Mar 26, 2026
• CVE-2026-33494Ory Oathkeeper has a path traversal authorization bypass10.0Mar 26, 2026
• CVE-2024-45042Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials4.4Sep 26, 2024
• CVE-2021-32701Possible bypass of token claim validation when OAuth2 Introspection caching is enabled7.5Jun 22, 2021
• CVE-2020-15233OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses6.1Oct 2, 2020
• CVE-2020-15234Redirect URL matching ignores character casing6.1Oct 2, 2020
• CVE-2020-15222Replay of private_key_jwt possible in ORY Fosite8.1Sep 24, 2020
• CVE-2020-15223Ignored storage errors on token revokation in ORY Fosite8.0Sep 24, 2020
• CVE-2020-5300Disallow replay of `private_key_jwt` by blacklisting JTIs in Hydra5.8Apr 6, 2020
• CVE-2019-8400ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.6.1Feb 17, 2019