github.com/ory/hydra
Go | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/ory/hydra
- CVE-2019-8400 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-02-17
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.
- CVE-2020-5300 | MEDIUM | CVSS 5.8 | EG 5.8 | ✓ Fixed in 1.4.0 | 2020-04-06
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertio…
- CVE-2026-33504 | HIGH | CVSS 7.2 | EG 7.2 | 2026-03-26
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to fl…