SUSE CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

Directory Traversal

Overview github.com/ory/oathkeeper/proxy is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules Affected versions of this package are vulnerable to Directory Traversal due to improper validation of user-supplied input when pat...

EUVD-2021-1410

Malware in sbrugna...

EUVD-2024-3127

Malicious code in bioql PyPI...

CVE-2021-32701

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that...

Incorrect Authorization in ORY Oathkeeper

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that...

CVE-2021-32701

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that...

Design/Logic Flaw

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that...

ORY Oathkeeper 安全漏洞

ORY Oathkeeper is an open source an Identity Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on a set of access rules. A security vulnerability exists in ORY Oathkeeper, which stems from an Identity Access Proxy IAP and Access Control Decision API that...