Spomky-labs Webauthn Framwork — known CVE vulnerabilities
Every CVE whose affected-product data names Spomky-labs Webauthn Framwork, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-38299 — CVSS 9.8 (critical): Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a…
CVE-2026-30964 — CVSS 5.4 (medium): web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication…