goauthentik Summary

Latest vulnerabilities published by goauthentik

19 November 2025

23 July 2025

27 June 2025

28 March 2025

4 February 2025

21 November 2024

28 June 2024

30 January 2024

11 January 2024

21 November 2023

31 October 2023

29 August 2023

6 July 2023

4 March 2023

28 December 2022

2 December 2022

goauthentik Summary

Vulnerability Published:

Sort By:

19 November 2025

Authentication Flaw in Authentik Open-Source Identity Provider

OAuth Service Account Authentication Issue in Authentik by Goauthentik

23 July 2025

OAuth/SAML Vulnerability in authentik Identity Provider

27 June 2025

Authentication Bypass Vulnerability in authentik Identity Provider

28 March 2025

Session Management Flaw in Authentik Identity Provider

4 February 2025

Stored XSS Vulnerability in Authentik by GoAuthentik

21 November 2024

authentik fixed vulnerability in OAuth2 provider allowing malicious redirect URIs

28 June 2024

OAuth2 Device Code Flow Vulnerability

Authentik API-Access-Token Vulnerability Allows for Admin User Privileges Exploit

30 January 2024

PKCE downgrade attack in Authentik

11 January 2024

XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode

21 November 2023

Authentik Fixes Issue with Token Requests

31 October 2023

authentik potential installation takeover when default admin user is deleted

29 August 2023

Username enumeration attack in goauthentik

6 July 2023

Authentik lacks Proxy IP headers validation

4 March 2023

Insufficient user check in FlowTokens by Email stage

28 December 2022

authentik allows existing authenticated users to create arbitrary accounts

authentik vulnerable to Improper Authentication via invitation URL token reuse

2 December 2022

authentik vulnerable to unauthorized user creation and potential account takeover