pkg:Go/github.com/ory/oathkeeper

9 total CVEsCRITICAL2HIGH5MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2026-33494Ory Oathkeeper has a path traversal authorization bypass
    from 0, < 0.40.10-0.20260320084758-8e0002140491
  • CRITICAL10.0CVE-2026-33494Ory Oathkeeper has a path traversal authorization bypass
    from 0, < 0.40.10-0.20260320084758-8e0002140491
  • HIGH8.1CVE-2026-33496Ory Oathkeeper has an authentication bypass by cache key confusion
    from 0, < 0.40.10-0.20260320084801-198a2bc82a99
  • HIGH8.1CVE-2026-33496Ory Oathkeeper has an authentication bypass by cache key confusion
    from 0, < 0.40.10-0.20260320084801-198a2bc82a99
  • HIGH7.5CVE-2021-32701Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
    >= 0.38.0-beta.2, < 0.38.12-beta.1
  • HIGH7.5CVE-2021-32701Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
    >= 0.38.0-beta.2, < 0.38.12-beta.1
  • HIGH7.5CVE-2021-32701Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
    >= 0.38.0-beta.2, < 0.38.12-beta.1
  • MEDIUM6.5CVE-2026-33495Ory Oathkeeper has an authentication bypass by usage of untrusted header
    from 0, < 0.40.10-0.20260320084810-e9acca14a04d
  • MEDIUM6.5CVE-2026-33495Ory Oathkeeper has an authentication bypass by usage of untrusted header
    from 0, < 0.40.10-0.20260320084810-e9acca14a04d