25 matches found
SUSE CVE-2019-8400
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter...
SUSE CVE-2026-33504
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...
GO-2026-4861 Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra
Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
EUVD-2026-13916
Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...
CVE-2026-33504
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...
CVE-2026-33504 Ory Hydra has a SQL injection via forged pagination tokens
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...
CVE-2026-33504
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...
CVE-2026-33504 Ory Hydra has a SQL injection via forged pagination tokens
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...
CVE-2026-33504 Ory Hydra has a SQL injection via forged pagination tokens
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...
CVE-2026-33504
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...
CVE-2026-33504
Ory Hydra is affected by a SQL injection vulnerability in Admin APIs (listOAuth2Clients, listOAuth2ConsentSessions, listTrustedOAuth2JwtGrantIssuers) due to flawed pagination token handling. Tokens are encrypted with secrets.pagination (fallback to secrets.system if not set); an attacker who know...
GO-2026-4807 Ory Hydra has a SQL injection via forged pagination tokens in github.com/ory/hydra
Ory Hydra has a SQL injection via forged pagination tokens in github.com/ory/hydra...
GHSA-R9W3-57W2-GCH2 Ory Hydra has a SQL injection via forged pagination tokens
Description: The following Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation: listOAuth2Clients, listOAuth2ConsentSessions, listTrustedOAuth2JwtGrantIssuers. Pagination tokens are encrypted using the secret configured in secrets.pagination. If thi...
EUVD-2019-17790
Malware in sbrugna...
MAL-2023-1017 Malicious code in ory-hydra-mock-oauth2-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65a839721d0fab0dc481a43bb9cf463966ebf8badc1ed1a9beebdc0724262a94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-7V6R-W4R6-MHCH Hydra has Reflected XSS via error_hint parameter
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter...
Hydra has Reflected XSS via error_hint parameter
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter...
Cross-site Scripting (XSS)
github.com/ory/hydra is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not escape the error_hint parameter in the default error handler, allowing the attacker to inject arbitrary script through it...
Cross site scripting
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter...
CVE-2019-8400
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter...