Package impact
Go / goauthentik.io
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47201 | unknown | — | — | | | | 7h ago | authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user |
| CVE-2025-64708 | unknown | — | — | | | | 6mo ago | authentik's invitation expiry is delayed by at least 5 minutes in goauthentik.io |
| CVE-2025-64521 | unknown | — | — | | | | 6mo ago | authentik allows a deactivated Service account to authenticate to OAuth in goauthentik.io |
| CVE-2025-53942 | unknown | — | — | | | | 10mo ago | Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources in goauthentik.io |
| CVE-2024-42490 | unknown | — | — | | | | 2y ago | GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io |
| CVE-2024-23647 | unknown | — | — | | | | 2y ago | Authentik vulnerable to PKCE downgrade attack in goauthentik.io |