pkg:Go/github.com/steveiliop56/tinyauth

5 total CVEsHIGH3MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • HIGH8.5CVE-2026-32246Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint
    from 0, < 1.0.1-20260311144920-9eb2d33064b7
  • HIGH8.5CVE-2026-32246Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint
    from 0
  • HIGH7.7CVE-2026-33544Tinyauth has OAuth account confusion via shared mutable state on singleton service instances
    from 0, < 1.0.1-0.20260401140714-fc1d4f2082a5
  • MEDIUM6.5CVE-2026-32245Tinyauth's OIDC authorization codes are not bound to client on token exchange
    from 0, < 1.0.1-20260311144920-9eb2d33064b7
  • MEDIUM6.5CVE-2026-32245Tinyauth's OIDC authorization codes are not bound to client on token exchange
    from 0