EUVD-2025-24029

Malicious code in bioql PyPI...

EUVD-2025-24030

Malicious code in bioql PyPI...

Sensitive Information Exposure

@workos-inc/authkit-remix is vulnerable to Sensitive Information Exposure. The vulnerability is due to sealedSession and accessToken being returned from the authkitLoader, which allows an attacker to obtain sensitive authentication artifacts rendered in the browser HTML...

Sensitive Information Exposure

@workos-inc/authkit-react-router is vulnerable to Sensitive Information Exposure. The vulnerability is due to authentication artifacts such as sealedSession and accessToken being returned from the authkitLoader and rendered into browser HTML, which allows an attacker to obtain sensitive session...

CVE-2025-55008

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...

CVE-2025-55009

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

Information Exposure

Overview @workos-inc/authkit-react-router is an Authentication and session helpers for using WorkOS & AuthKit with React Router 7+ Affected versions of this package are vulnerable to Information Exposure via the accessToken and sealedSession parameters in the authkitLoader function. An attacker c...

CVE-2025-55008

CVE-2025-55008 affects the AuthKit React Router library for React Router 7+. In versions ≤ 0.6.1, the package exposes sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader , causing them to be rendered into browser HTML (informa...

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

The AuthKit React Router Library rendered sensitive auth data in HTML

In versions before 0.7.0, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. Impact This information disclosure could lead to...