workos

Source - NVD, CNA
BOS Name - N/A
CNA CVEs - 5
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 1
5 Vulnerabilities found

CVE-2025-55008
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.86%
7 Day CHG~0.00%
Published-09 Aug, 2025 | 02:02
Updated-11 Aug, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AuthKit React Router: Sensitive auth data rendered in HTML

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts, specifically sealedSession and accessToken, by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. This issue is fixed in version 0.7.0.

Action-Not Available
Vendor-workos
Product-authkit-react-router
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-55009
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.86%
7 Day CHG~0.00%
Published-09 Aug, 2025 | 02:02
Updated-11 Aug, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.

Action-Not Available
Vendor-workos
Product-authkit-remix
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-51752
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.09%
7 Day CHG~0.00%
Published-05 Nov, 2024 | 19:16
Updated-06 Nov, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-nextjs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions, refresh tokens are logged to the console when the `debug` flag, which is disabled by default, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-workos
Product-authkit-nextjs
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-51753
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.09%
7 Day CHG~0.00%
Published-05 Nov, 2024 | 19:14
Updated-06 Nov, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions, refresh tokens are logged to the console when the `debug` flag, which is disabled by default, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-workos
Product-authkit-remix
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-29901
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.35% / 56.83%
7 Day CHG~0.00%
Published-29 Mar, 2024 | 15:23
Updated-07 May, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
@workos-inc/authkit-nextjs session replay vulnerability

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.

Action-Not Available
Vendor-workos
Product-authkit, authkit-nextjs
CWE ID-CWE-294
Authentication Bypass by Capture-replay