pkg:Go/github.com/oauth2-proxy/oauth2-proxy/v7
13 total CVEsCRITICAL4HIGH3MEDIUM5LOW1
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.1CVE-2026-40575OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing>= 7.5.0, < 7.15.2
- CRITICAL9.1CVE-2026-34457OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Modefrom 0, < 7.15.2
- CRITICAL9.1CVE-2025-54576OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxyfrom 0, < 7.11.0
- CRITICAL9.1CVE-2025-54576OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxyfrom 0, < 7.11.0
- HIGH8.5CVE-2025-64484OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxyfrom 0, < 7.13.0
- HIGH8.5CVE-2025-64484OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation in github.com/oauth2-proxy/oauth2-proxyfrom 0, < 7.13.0
- HIGH8.2CVE-2026-41059OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex>= 7.5.0, < 7.15.2
- MEDIUM6.8CVE-2026-40574OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claimsfrom 0, < 7.15.2
- MEDIUM5.5CVE-2021-21411OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0from 0, < 7.1.0
- MEDIUM5.5CVE-2021-21411OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0from 0, < 7.1.0
- MEDIUM5.4CVE-2021-21291Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxyfrom 0, < 7.0.0
- MEDIUM5.4CVE-2021-21291Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxyfrom 0, < 7.0.0
- >= 7.11.0, < 7.15.2