4 vulnerabilities found for authkit-remix by workos
CVE-2025-55009 (GCVE-0-2025-55009)
Vulnerability from cvelistv5 – Published: 2025-08-09 02:02 – Updated: 2025-08-11 14:35
Title
AuthKit: Sensitive auth data rendered in HTML
Summary
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.
Severity ?
7.1 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
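Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx | x_refsource_CONFIRM |
| https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6 | x_refsource_MISC |
| https://github.com/workos/authkit-remix/releases/tag/v0.15.0 | x_refsource_MISC |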
Impacted products
| Vendor | Product | Version |
|---|---|---|
| workos | authkit-remix | Affected: < 0.15.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T14:35:41.842990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T14:35:52.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "authkit-remix",
"vendor": "workos",
"versions": [
{
"status": "affected",
"version": "\u003c 0.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS \u0026 AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts \u2014 specifically sealedSession and accessToken \u2014 by returning them from the authkitLoader. This caused them to be rendered into the browser HTML."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-09T02:02:07.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx"
},
{
"name": "https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6"
},
{
"name": "https://github.com/workos/authkit-remix/releases/tag/v0.15.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/workos/authkit-remix/releases/tag/v0.15.0"
}
],
"source": {
"advisory": "GHSA-v3gr-w9gf-23cx",
"discovery": "UNKNOWN"
},
"title": "AuthKit: Sensitive auth data rendered in HTML"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55009",
"datePublished": "2025-08-09T02:02:07.611Z",
"dateReserved": "2025-08-04T17:34:24.422Z",
"dateUpdated": "2025-08-11T14:35:52.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51753 (GCVE-0-2024-51753)
Vulnerability from cvelistv5 – Published: 2024-11-05 19:14 – Updated: 2024-11-05 20:16
Title
Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix
Summary
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions, refresh tokens are logged to the console when the `debug` flag, which is disabled by default, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
2.1 (Low) – CVSS 4.0
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
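Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8 | x_refsource_CONFIRM |
| https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06 | x_refsource_MISC |
| https://github.com/workos/authkit-remix/releases/tag/v0.4.1 | x_refsource_MISC |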
Impacted products
| Vendor | Product | Version |
|---|---|---|
| workos | authkit-remix | Affected: < 0.4.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T20:15:29.247219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T20:16:29.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "authkit-remix",
"vendor": "workos",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS \u0026 AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:14:47.097Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8"
},
{
"name": "https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06"
},
{
"name": "https://github.com/workos/authkit-remix/releases/tag/v0.4.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/workos/authkit-remix/releases/tag/v0.4.1"
}
],
"source": {
"advisory": "GHSA-v2qh-f584-6hj8",
"discovery": "UNKNOWN"
},
"title": "Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51753",
"datePublished": "2024-11-05T19:14:47.097Z",
"dateReserved": "2024-10-31T14:12:45.791Z",
"dateUpdated": "2024-11-05T20:16:29.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55009 (GCVE-0-2025-55009)
Vulnerability from nvd – Published: 2025-08-09 02:02 – Updated: 2025-08-11 14:35
Title
AuthKit: Sensitive auth data rendered in HTML
Summary
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.
Severity ?
7.1 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
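Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx | x_refsource_CONFIRM |
| https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6 | x_refsource_MISC |
| https://github.com/workos/authkit-remix/releases/tag/v0.15.0 | x_refsource_MISC |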
Impacted products
| Vendor | Product | Version |
|---|---|---|
| workos | authkit-remix | Affected: < 0.15.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T14:35:41.842990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T14:35:52.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "authkit-remix",
"vendor": "workos",
"versions": [
{
"status": "affected",
"version": "\u003c 0.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS \u0026 AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts \u2014 specifically sealedSession and accessToken \u2014 by returning them from the authkitLoader. This caused them to be rendered into the browser HTML."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-09T02:02:07.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx"
},
{
"name": "https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6"
},
{
"name": "https://github.com/workos/authkit-remix/releases/tag/v0.15.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/workos/authkit-remix/releases/tag/v0.15.0"
}
],
"source": {
"advisory": "GHSA-v3gr-w9gf-23cx",
"discovery": "UNKNOWN"
},
"title": "AuthKit: Sensitive auth data rendered in HTML"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55009",
"datePublished": "2025-08-09T02:02:07.611Z",
"dateReserved": "2025-08-04T17:34:24.422Z",
"dateUpdated": "2025-08-11T14:35:52.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51753 (GCVE-0-2024-51753)
Vulnerability from nvd – Published: 2024-11-05 19:14 – Updated: 2024-11-05 20:16
Title
Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix
Summary
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions, refresh tokens are logged to the console when the `debug` flag, which is disabled by default, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
2.1 (Low) – CVSS 4.0
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
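Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8 | x_refsource_CONFIRM |
| https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06 | x_refsource_MISC |
| https://github.com/workos/authkit-remix/releases/tag/v0.4.1 | x_refsource_MISC |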
Impacted products
| Vendor | Product | Version |
|---|---|---|
| workos | authkit-remix | Affected: < 0.4.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T20:15:29.247219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T20:16:29.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "authkit-remix",
"vendor": "workos",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS \u0026 AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:14:47.097Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8"
},
{
"name": "https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06"
},
{
"name": "https://github.com/workos/authkit-remix/releases/tag/v0.4.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/workos/authkit-remix/releases/tag/v0.4.1"
}
],
"source": {
"advisory": "GHSA-v2qh-f584-6hj8",
"discovery": "UNKNOWN"
},
"title": "Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51753",
"datePublished": "2024-11-05T19:14:47.097Z",
"dateReserved": "2024-10-31T14:12:45.791Z",
"dateUpdated": "2024-11-05T20:16:29.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}