Known Vulnerabilities for Openid Connect by Openid
Listed below are 1 of the newest known vulnerabilities associated with "Openid Connect" by "Openid".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-53661 json | Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity ... | Not Provided | 2026-06-11 | 2026-06-11 |
| CVE-2026-49757 json | Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via ... | Not Provided | 2026-06-15 | 2026-06-15 |
| CVE-2026-44681 json | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2026-44394 json | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propag... | Not Provided | 2026-05-28 | 2026-05-28 |
| CVE-2026-44087 json | Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default confi... | Not Provided | 2026-06-19 | 2026-06-22 |
| CVE-2026-42604 json | Actual is a local-first personal finance tool. The `POST /openid/config` endpoint in Actual Budget's sync-server versions <= ... | Not Provided | 2026-06-12 | 2026-06-15 |
| CVE-2026-41479 json | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 aut... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-41425 json | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on th... | Not Provided | 2026-04-24 | 2026-04-27 |
| CVE-2026-37979 json | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpo... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-33318 json | Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can e... | Not Provided | 2026-04-24 | 2026-04-25 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openid | Openid Connect | 1.7.0 | |||
| Application | Openid | Openid Connect | 1.6.3 | |||
| Application | Openid | Openid Connect | 1.6.2 | |||
| Application | Openid | Openid Connect | 1.6.1 | |||
| Application | Openid | Openid Connect | 1.6.0 | |||
| Application | Openid | Openid Connect | 1.5.5 | |||
| Application | Openid | Openid Connect | 1.5.4 | |||
| Application | Openid | Openid Connect | 1.5.3 | |||
| Application | Openid | Openid Connect | 1.5.2 | |||
| Application | Openid | Openid Connect | 1.5.1 | |||
| Application | Openid | Openid Connect | 1.5.0 | |||
| Application | Openid | Openid Connect | 1.4.0 | |||
| Application | Openid | Openid Connect | 1.3.0 | |||
| Application | Openid | Openid Connect | 1.2.0 | |||
| Application | Openid | Openid Connect | 1.1.2 | |||
| Application | Openid | Openid Connect | 1.1.1 | |||
| Application | Openid | Openid Connect | 1.1.0 | |||
| Application | Openid | Openid Connect | 1.0.1 | |||
| Application | Openid | Openid Connect | 1.0.0 |