ByteOS Network

authkit-remix

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-55009

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.93%

7 Day CHG~0.00%

Published-09 Aug, 2025 | 02:02

Updated-11 Aug, 2025 | 18:32

AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.

Vendor-workos

Product-authkit-remix

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2024-51753

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-2.1||LOW

EPSS-0.06% / 17.19%

7 Day CHG~0.00%

Published-05 Nov, 2024 | 19:14

Updated-06 Nov, 2024 | 18:17

Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor-workos

Product-authkit-remix

CWE ID-CWE-532

Insertion of Sensitive Information into Log File