pkg:Go/github.com/oauth2-proxy/oauth2-proxy

9 total CVEsCRITICAL2HIGH2MEDIUM5

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.1CVE-2026-34457OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode
    from 0, <= 3.2.0
  • CRITICAL9.1CVE-2025-54576OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxy
    from 0
  • HIGH8.5CVE-2025-64484OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxy
    from 0
  • HIGH7.1CVE-2020-11053Open Redirect in OAuth2 Proxy
    from 0, < 5.1.1
  • MEDIUM5.9CVE-2020-5233The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
    from 0, < 5.0.0
  • MEDIUM5.5CVE-2021-21411OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
    from 0
  • MEDIUM5.4CVE-2021-21291Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
    from 0
  • MEDIUM5.4CVE-2021-21291Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
    from 0, <= 3.2.0
  • MEDIUM4.3CVE-2020-4037Open Redirect in OAuth2 Proxy
    >= 5.1.1, < 6.0.0