Passport
This hub aggregates every CVE we track for Passport, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
LOW2HIGH2MEDIUM2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Passport.
- CVE-2026-39976Laravel Passport's TokenGuard Authenticates Unrelated User for Client Credentials Tokens7.1
- CVE-2023-29020Cross site request forgery token fixation in fastify-passport6.5
- CVE-2023-29019Session fixation in fastify-passport8.1
- CVE-2022-25896Session Fixation4.8
- CVE-2018-17500Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could...2.9
- CVE-2018-17499Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit t...2.9
Product normalization is registry-driven with AI assist and human review. How it works