Oauth2
This hub aggregates every CVE we track for Oauth2, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
HIGH2MEDIUM2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 4 most recently published vulnerabilities affecting Oauth2.
- CVE-2023-49104An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently ...8.7
- CVE-2023-31999All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent ...8.8
- CVE-2013-4347The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to gue...5.8
- CVE-2013-4346The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.4.3
Product normalization is registry-driven with AI assist and human review. How it works