| CVE-2026-34457 | unknown | — | — | 1mo ago | OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode |
| CVE-2025-64484 | unknown | — | — | 7mo ago | OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxy |
| CVE-2025-54576 | unknown | — | — | 10mo ago | OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxy |
| CVE-2021-21411 | unknown | — | — | 10mo ago | OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0 in github.com/oauth2-proxy/oauth2-proxy |
| CVE-2020-5233 | unknown | — | — | 5y ago | The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect |
| CVE-2020-11053 | unknown | — | — | 5y ago | Open Redirect in OAuth2 Proxy |
| CVE-2020-4037 | unknown | — | — | 5y ago | Open Redirect in OAuth2 Proxy |
| CVE-2021-21291 | unknown | — | — | 5y ago | Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy in github.com/oauth2-proxy/oauth2-proxy |