Oauth2 Proxy Project Oauth2 Proxy — known CVE vulnerabilities
Every CVE whose affected-product data names Oauth2 Proxy Project Oauth2 Proxy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2025-54576 — CVSS 9.1 (critical): OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing…
CVE-2026-40575 — CVSS 9.1 (critical): OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a…
CVE-2026-34457 — CVSS 9.1 (critical): OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a…
CVE-2026-41059 — CVSS 8.2 (high): OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a…
CVE-2020-11053 — CVSS 7.1 (high): In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the…
CVE-2026-40574 — CVSS 6.8 (medium): OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in…
CVE-2017-1000070 — CVSS 6.1 (medium): The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the…
CVE-2020-5233 — CVSS 5.9 (medium): OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been…
CVE-2021-21411 — CVSS 5.5 (medium): OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag…
CVE-2021-21291 — CVSS 4.7 (medium): OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and…
CVE-2020-4037 — CVSS 4.3 (medium): In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the…
CVE-2026-34454 — CVSS 3.5 (low): OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2…