github.com/ory/oathkeeper
govv0.40.9A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
License Apache-2.0permissive123 versions125 maintainers0 deps3,552 weekly dl
ory/oathkeeper44
/ 100
Health
do not use
github.com/ory/oathkeeper has critical vulnerabilities — do not use
Update to >= 0.40.10-0.20260320084810-e9acca14a04d to fix known vulnerabilities
- 1 high severity vulnerabilities
- 1 critical vulnerabilities
Health breakdown0 – 100
5/25
maintenance
6/20
popularity
8/25
security
15/15
maturity
10/15
community
Vulnerabilities
6
1 critical1 high1 medium3 low
Advisories (6)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| high | CVE-2026-33496 | Ory Oathkeeper has an authentication bypass by cache key confusion | 0.40.10-0.20260320084801-198a2bc82a99 |
| critical | CVE-2026-33494 | Ory Oathkeeper has a path traversal authorization bypass | 0.40.10-0.20260320084758-8e0002140491 |
| medium | CVE-2026-33495 | Ory Oathkeeper has an authentication bypass by usage of untrusted header | 0.40.10-0.20260320084810-e9acca14a04d |
| unknown | CVE-2026-33496 | Ory Oathkeeper has an authentication bypass by cache key confusion in github.com/ory/oathkeeper | 0.40.10-0.20260320084801-198a2bc82a99 |
| unknown | CVE-2026-33494 | Ory Oathkeeper has a path traversal authorization bypass in github.com/ory/oathkeeper | 0.40.10-0.20260320084758-8e0002140491 |
| unknown | CVE-2026-33495 | Ory Oathkeeper has an authentication bypass by usage of untrusted header in github.com/ory/oathkeeper | 0.40.10-0.20260320084810-e9acca14a04d |
Health History
Dependency Tree
License Audit
API access
Get this data programmatically — free, no authentication.
curl https://depscope.dev/api/check/go/github.com/ory/oathkeeperLast updated · 2025-01-30T10:09:47Z