Oauth2-server Project Oauth2-server — known CVE vulnerabilities
Every CVE whose affected-product data names Oauth2-server Project Oauth2-server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-18924 — CVSS 7.5 (high): oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection…
CVE-2020-26938 — CVSS 7.2 (high): In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and…