| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2023-46249 | authentik potential installation takeover when default admin user is deleted | goauthentik | authentik | Critical | 9.6 | 2023-10-31 15:20:35 |
| CVE-2023-39522 | Username enumeration attack in goauthentik | goauthentik | authentik | Medium | 5.3 | 2023-08-29 17:23:37 |
| CVE-2023-36456 | Authentik lacks Proxy IP headers validation | goauthentik | authentik | High | 8.3 | 2023-07-06 18:24:03 |
| CVE-2023-26481 | Insufficient user check in FlowTokens by Email stage | goauthentik | authentik | Critical | 9.1 | 2023-03-04 00:30:17 |
| CVE-2022-46172 | authentik allows existing authenticated users to create arbitrary accounts | goauthentik | authentik | Medium | 6.4 | 2022-12-28 06:16:22 |
| CVE-2022-23555 | authentik vulnerable to Improper Authentication via invitation URL token reuse | goauthentik | authentik | Critical | 9.4 | 2022-12-28 00:12:36 |
| CVE-2022-46145 | authentik vulnerable to unauthorized user creation and potential account takeover | goauthentik | authentik | High | 8.1 | 2022-12-02 17:12:42 |