Every CVE whose affected-product data names Linuxfoundation Dex, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-27847 — CVSS 9.8 (critical): A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw…
CVE-2020-26290 — CVSS 9.3 (critical): Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which…
CVE-2022-39222 — CVSS 9.3 (critical): Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by…
CVE-2024-23656 — CVSS 7.5 (high): Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0…