Browse all 7 CVE security advisories affecting workos. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WorkOS provides identity and access management solutions for enterprises, enabling secure authentication and authorization workflows. Historically, the platform has been susceptible to vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, with seven CVEs documented to date. These issues often stem from improper input validation and misconfigured access controls. While no major public security incidents have been reported, the presence of multiple CVEs indicates potential risks in web application security and API protection. Organizations implementing WorkOS should ensure timely patching and conduct regular security assessments to mitigate these vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64762 | authkit-nextjs may let session cookies be cached in CDNs — authkit-nextjsCWE-524 | 4.2 | - | 2025-11-21 |
| CVE-2025-55008 | AuthKit React Router: Sensitive auth data rendered in HTML — authkit-react-routerCWE-200 | 7.1 | High | 2025-08-09 |
| CVE-2025-55009 | AuthKit: Sensitive auth data rendered in HTML — authkit-remixCWE-200 | 7.1 | High | 2025-08-09 |
| CVE-2025-23017 | WorkOS Hosted AuthKit 安全漏洞 — Hosted AuthKitCWE-305 | 6.0 | Medium | 2025-02-24 |
| CVE-2024-51752 | Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-nextjs — authkit-nextjsCWE-532 | 5.3AI | MediumAI | 2024-11-05 |
| CVE-2024-51753 | Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix — authkit-remixCWE-532 | 5.3AI | MediumAI | 2024-11-05 |
| CVE-2024-29901 | @workos-inc/authkit-nextjs session replay vulnerability — authkit-nextjsCWE-294 | 4.8 | Medium | 2024-03-29 |
This page lists every published CVE security advisory associated with workos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.