goauthentik Summary
Latest vulnerabilities published by goauthentik
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Authentication Bypass Vulnerability in authentik Identity Provider
CVE-2025-52553GoauthentikAuthentik5.5MEDIUMSession Management Flaw in Authentik Identity Provider
CVE-2025-29928GoauthentikAuthentik8HIGHStored XSS Vulnerability in Authentik by GoAuthentik
CVE-2024-11623GoauthentikAuthentik4.8MEDIUMOAuth2 Device Code Flow Vulnerability
CVE-2024-38371GoauthentikAuthentik8.6HIGHAuthentik API-Access-Token Vulnerability Allows for Admin User Privileges Exploit
CVE-2024-37905GoauthentikAuthentik8.8HIGHPKCE downgrade attack in Authentik
CVE-2024-23647GoauthentikAuthentik6.5MEDIUMXSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode
CVE-2024-21637GoauthentikAuthentik7.7HIGHAuthentik Fixes Issue with Token Requests
CVE-2023-48228goauthentikauthentik9.8CRITICALauthentik potential installation takeover when default admin user is deleted
CVE-2023-46249GoauthentikAuthentik9.7CRITICALUsername enumeration attack in goauthentik
CVE-2023-39522GoauthentikAuthentik5.3MEDIUMAuthentik lacks Proxy IP headers validation
CVE-2023-36456GoauthentikAuthentik8.3HIGHInsufficient user check in FlowTokens by Email stage
CVE-2023-26481GoauthentikAuthentik9.1CRITICALauthentik allows existing authenticated users to create arbitrary accounts
CVE-2022-46172GoauthentikAuthentik6.4MEDIUMauthentik vulnerable to Improper Authentication via invitation URL token reuse
CVE-2022-23555GoauthentikAuthentik9.4CRITICALauthentik vulnerable to unauthorized user creation and potential account takeover
CVE-2022-46145GoauthentikAuthentik8.1HIGH
27 June 2025
28 March 2025
4 February 2025
28 June 2024
30 January 2024
11 January 2024
21 November 2023
31 October 2023
29 August 2023
6 July 2023
4 March 2023
28 December 2022
2 December 2022
No more vulnerabilities to load.