
OSV (added 2026/04/16 11:36 p.m.)

BIT-AUTHENTIK-2025-64521 authentik deactivated service accounts can authenticate to OAuth

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

CVSS 4.8, AI score 7.2, EPSS 0.00193, Exploits 0, References 3
SUSE CVE (added 2026/01/06 12:25 a.m.)

SUSE CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

CVSS 4.8, AI score 7, EPSS 0.00193, Exploits 0, References 2
RedhatCVE (added 2025/11/20 9:37 p.m.)

CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

CVSS 4.8, AI score 6.9, EPSS 0.00193, Exploits 0, References 1
OSV (added 2025/11/19 5:03 p.m.)

CVE-2025-64708 authentik invitation expiry is delayed by at least 5 minutes

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

CVSS 5.8, AI score 6.7, EPSS 0.00216, Exploits 0, References 4
Vulnrichment (added 2025/11/19 5:03 p.m.)

CVE-2025-64521 authentik deactivated service accounts can authenticate to OAuth

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

CVSS 4.8, AI score 6.5, EPSS 0.00193, Exploits 0, References 2
EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2022-29625

Malicious code in bioql PyPI...

CVSS 9, AI score 8.6, EPSS 0.02025, Exploits 1, References 3
CVE (added 2025/09/09 10:31 p.m.)

CVE-2025-59044

CVE-2025-59044 affects Himmelblau 0.9.x, where group-to-GID mapping derives numeric GIDs from Entra ID group displayName when id_attr_map = name. This can cause distinct groups sharing a displayName to collapse to the same GID on Linux, enabling privilege escalation if access is controlled by num...

CVSS 4.4, AI score 6.3, EPSS 0.00132, Exploits 0, References 3
GitHub Security Blog (added 2025/03/24 7:05 p.m.)

Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Impact: For Cilium users who:
- Use Gateway API for Ingress for some services AND
- Use LB-IPAM or BGP for LB Service implementation AND
- Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces
Egress traffic from workloads covered by such netwo...

CVSS 4.3, AI score 7, EPSS 0.00196, Exploits 0, References 5, Affected software 1
OSV (added 2025/03/24 7:05 p.m.)

GHSA-24QP-4XX8-3JVJ Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Impact: For Cilium users who:
- Use Gateway API for Ingress for some services AND
- Use LB-IPAM or BGP for LB Service implementation AND
- Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces
Egress traffic from workloads covered by such netwo...

CVSS 3.2, AI score 7, EPSS 0.00196, Exploits 0, References 5
OSV (added 2025/03/24 6:44 p.m.)

CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

CVSS 3.2, AI score 4.9, EPSS 0.00196, Exploits 0, References 5
Positive Technologies (added 2022/12/02 12:00 a.m.)

PT-2022-27762

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2022.11.2; authentik versions prior to 2022.10.2. Description: authentik is an open-source identity provider. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that...

CVSS 9.8, AI score 7.3, EPSS 0.01177, Exploits 0, References 9