Product
oauth2 proxy project oauth2 proxy
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-41059
Affected versions: >= 7.5.0 and < 7.15.2
CVSS: 8.2 (HIGH)
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configur

CVE-2026-40575
Affected versions: >= 7.5.0 and < 7.15.2
CVSS: 9.1 (CRITICAL)
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a cli

CVE-2026-40574
Affected versions: < 7.15.2
CVSS: 6.8 (MEDIUM)
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exis

CVE-2026-34457
Affected versions: < 7.15.2
CVSS: 9.1 (CRITICAL)
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configurat

CVE-2026-34454
Affected versions: >= 7.11.0 and < 7.15.2
CVSS: 3.5 (LOW)
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OA

CVE-2025-54576
Affected versions: < 7.11.0
CVSS: 9.1 (CRITICAL)
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into ex

CVE-2021-21411
Affected versions: >= 7.0.0 and < 7.1.0
CVSS: 5.5 (MEDIUM)
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-gr

CVE-2021-21291
Affected versions: < 7.0.0
CVSS: 4.7 (MEDIUM)
OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub,

CVE-2020-4037
Affected versions: >= 5.1.1 and < 6.0.0
CVSS: 4.3 (MEDIUM)
In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the aut

CVE-2020-11053
Affected versions: < 5.1.1
CVSS: 7.1 (HIGH)
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send

CVE-2020-5233
Affected versions: < 5.0.0
CVSS: 5.9 (MEDIUM)
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This

CVE-2017-1000070
Affected versions: <= 2.1
CVSS: 6.1 (MEDIUM)
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination

CVE-2017-1000069
Affected versions: all versions
CVSS: 8.8 (HIGH)
CSRF in Bitly oauth2_proxy 2.1 during authentication flow

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin