EUVD-2025-24030

Malicious code in bioql PyPI...

CVE-2025-55008

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...

CVE-2025-55009

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

CVE-2025-55008 AuthKit React Router: Sensitive auth data rendered in HTML

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by...

CVE-2025-55009

CVE-2025-55009 affects the AuthKit Remix package @workos-inc/authkit-remix. Versions ≤ 0.14.1 expose sensitive artifacts (sealedSession and accessToken) via the authkitLoader, causing them to be rendered into browser HTML. This creates information exposure and potential session/API access risk, a...

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

GHSA-V3GR-W9GF-23CX The AuthKit Remix Library renders sensitive auth data in HTML

Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...

The AuthKit React Router Library rendered sensitive auth data in HTML

In versions before 0.7.0, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. Impact This information disclosure could lead to...