goauthentik Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by goauthentik
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
OAuth/SAML Vulnerability in authentik Identity Provider
CVE-2025-53942GoauthentikAuthentik7.1HIGHSession Management Flaw in Authentik Identity Provider
CVE-2025-29928GoauthentikAuthentik8HIGHOAuth2 Device Code Flow Vulnerability
CVE-2024-38371GoauthentikAuthentik8.6HIGHAuthentik API-Access-Token Vulnerability Allows for Admin User Privileges Exploit
CVE-2024-37905GoauthentikAuthentik8.8HIGHXSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode
CVE-2024-21637GoauthentikAuthentik7.7HIGHAuthentik Fixes Issue with Token Requests
CVE-2023-48228goauthentikauthentik9.8CRITICALauthentik potential installation takeover when default admin user is deleted
CVE-2023-46249GoauthentikAuthentik9.7CRITICALAuthentik lacks Proxy IP headers validation
CVE-2023-36456GoauthentikAuthentik8.3HIGHInsufficient user check in FlowTokens by Email stage
CVE-2023-26481GoauthentikAuthentik9.1CRITICALauthentik vulnerable to Improper Authentication via invitation URL token reuse
CVE-2022-23555GoauthentikAuthentik9.4CRITICALauthentik vulnerable to unauthorized user creation and potential account takeover
CVE-2022-46145GoauthentikAuthentik8.1HIGH
23 July 2025
28 March 2025
28 June 2024
11 January 2024
21 November 2023
31 October 2023
6 July 2023
4 March 2023
28 December 2022
2 December 2022
No more vulnerabilities to load.