github.com/steveiliop56/tinyauth (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/steveiliop56/tinyauth, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-32246 — CVSS 8.5 (high): Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending…
CVE-2026-33544 — CVSS 7.7 (high): Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations…
CVE-2026-32245 — CVSS 6.5 (medium): Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging…