Known Vulnerabilities for products from Ory
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Ory".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33506 json | Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions pr... | Not Provided | 2026-03-26 | 2026-04-17 |
| CVE-2026-33505 json | Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationsh... | Not Provided | 2026-03-26 | 2026-04-17 |
| CVE-2026-33504 json | Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2Conse... | Not Provided | 2026-03-26 | 2026-04-07 |
| CVE-2026-33503 json | Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCou... | Not Provided | 2026-03-26 | 2026-04-17 |
| CVE-2026-33496 json | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on set... | Not Provided | 2026-03-26 | 2026-04-07 |
| CVE-2026-33495 json | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on set... | Not Provided | 2026-03-26 | 2026-04-02 |
| CVE-2026-33494 json | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on set... | Not Provided | 2026-03-26 | 2026-04-07 |
| CVE-2021-32701 json | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on set... | 7.5 - HIGH | 2021-06-22 | 2021-06-30 |
| CVE-2020-15234 json | ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Clien... | 4.8 - MEDIUM | 2020-10-02 | 2021-11-18 |
| CVE-2020-15233 json | ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.3... | 4.8 - MEDIUM | 2020-10-02 | 2021-11-18 |
| CVE-2020-15223 json | In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandle... | 8 - HIGH | 2020-09-24 | 2022-10-21 |
| CVE-2020-15222 json | In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jw... | 8.1 - HIGH | 2020-09-24 | 2021-11-18 |
| CVE-2020-5300 json | In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, whe... | 5.3 - MEDIUM | 2020-04-06 | 2020-04-07 |
| CVE-2019-8400 json | ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | 6.1 - MEDIUM | 2019-02-17 | 2019-02-20 |