Security Overview · jupyterhub/oauthenticator · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
GHSA-gprj-3p75-f996 published Jun 11, 2024 by yuvipanda

High
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of a Google organizations/workspaces
GHSA-55m3-44xf-hg4h published Mar 20, 2024 by consideRatio

High
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
GHSA-r7v4-jwx9-wx43 published Jun 6, 2022 by consideRatio

Low
Base class whitelist configuration ignored - any authenticated user get access
GHSA-384w-5v3f-q499 published Nov 30, 2020 by minrk

High

Learn more about advisories related to jupyterhub/oauthenticator in the GitHub Advisory Database