Browse all 9 CVE security advisories affecting oauth2-proxy. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OAuth2-proxy serves as a reverse proxy and authentication gateway for OAuth 2.0, enabling secure access control for web applications and services. Historically, it has been susceptible to multiple vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with nine CVEs documented to date. Notable security characteristics include its role in managing authentication flows and protecting endpoints, though past incidents have revealed flaws in session handling and input validation that could allow unauthorized access or bypass security controls. The project's security posture has evolved through patches, but its complexity in handling authentication tokens and headers remains a potential attack surface requiring careful configuration and monitoring.
CVE-2024-410592026-04-22CVE-2026-05742026-04-22GHSA-v7-15-2-release2026-04-18GHSA-624x-5g9q-753f2026-04-18CVE-2026-344572026-04-18CVE-2025-644842025-11-11Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with oauth2-proxy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.