OpenIDC provides identity and access management solutions, enabling secure authentication and authorization across applications. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The project maintains five CVE records, with some issues allowing attackers to execute arbitrary code or bypass security controls. While no major public incidents have been widely documented, the consistent presence of critical vulnerabilities in past versions highlights the importance of timely updates and hardening. Organizations should implement least privilege principles and monitor for emerging threats when deploying OpenIDC in production environments.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-31492 | mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data | mod_auth_openidc | CWE-200 | 7.5 (AI) | High (AI) | 2025-04-06 |
| CVE-2024-24814 | Denial of service when manipulating mod_auth_openidc_session_chunks cookie in mod_auth_openidc | mod_auth_openidc | CWE-400 | 7.5 | High | 2024-02-13 |
| CVE-2023-37464 | Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose | cjose | CWE-327 | 8.6 | High | 2023-07-14 |
| CVE-2023-28625 | mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied | mod_auth_openidc | CWE-476 | 7.5 | High | 2023-04-03 |
| CVE-2020-26244 | Cryptographic issues in Python oic | pyoidc | CWE-325 | 6.8 | Medium | 2020-12-02 |
This page lists every published CVE security advisory associated with OpenIDC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.