Launch Week Day 1: Announcing Security Design Review
Start for Free
go

goauthentik.io

View on go registry
11 Total advisories
11 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 8.5
Go

CVE-2026-47201

authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
UNKNOWN
Go

CVE-2025-64521

authentik allows a deactivated Service account to authenticate to OAuth in goauthentik.io
MEDIUM 4.8
Go

CVE-2025-64521

authentik allows a deactivated Service account to authenticate to OAuth
UNKNOWN
Go

CVE-2025-64708

authentik's invitation expiry is delayed by at least 5 minutes in goauthentik.io
MEDIUM 5.8
Go

CVE-2025-64708

authentik's invitation expiry is delayed by at least 5 minutes
UNKNOWN
Go

CVE-2024-42490

GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io
HIGH 8.7
Go

CVE-2024-42490

GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
UNKNOWN
Go

CVE-2025-53942

Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources in goauthentik.io
UNKNOWN
Go

CVE-2025-53942

Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources
UNKNOWN
Go

CVE-2024-23647

Authentik vulnerable to PKCE downgrade attack in goauthentik.io
MEDIUM 6.5
Go

CVE-2024-23647

Authentik vulnerable to PKCE downgrade attack

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes