CVE-2025-55009

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

Information Exposure

Overview @workos-inc/authkit-remix is an Authentication and session helpers for using WorkOS & AuthKit with Remix Affected versions of this package are vulnerable to Information Exposure due to specifically sealedSession and accessToken, which return them from the authkitLoader function. An...

CVE-2025-55009

CVE-2025-55009 affects the AuthKit Remix package @workos-inc/authkit-remix. Versions ≤ 0.14.1 expose sensitive artifacts (sealedSession and accessToken) via the authkitLoader, causing them to be rendered into browser HTML. This creates information exposure and potential session/API access risk, a...

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

AuthKit Remix Library 信息泄露漏洞

AuthKit Remix Library is a WorkOS open source library for authentication and session management. An information disclosure vulnerability exists in AuthKit Remix Library version 0.14.1 and earlier, which stems from exposing sensitive authentication artifacts and could lead to information disclosur...

GHSA-V3GR-W9GF-23CX The AuthKit Remix Library renders sensitive auth data in HTML

Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...

PT-2025-32422 · Workos · Authkit

Name of the Vulnerable Software and Affected Versions: @workos-inc/authkit-remix versions 0.14.1 and below Description: The AuthKit library for Remix exposed sensitive authentication artifacts – specifically sealedSession and accessToken – by returning them from the authkitLoader, causing them to...

Information Exposure

@workos-inc/authkit-remix is vulnerable to Information Exposure. The vulnerability is due to the debug flag being enabled, which allows an attacker to view refresh tokens logged to the console...

CVE-2024-51753 Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.4.1. A...

GHSA-V2QH-F584-6HJ8 @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-remix/releases/tag/v0.4.1...

@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-remix/releases/tag/v0.4.1...

AuthKit Remix Library 日志信息泄露漏洞

AuthKit Remix Library is a WorkOS open source library for authentication and session management. A logging information disclosure vulnerability exists in the AuthKit Remix Library, where a refresh token is logged to the console when the "debug" flag is enabled, which is disabled by default...