Security: coder/coder
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Privilege escalation abusing a shared system identity could lead to a cross workspace compromise. GHSA-j6xf-jwrj-v5qp, published Sep 4, 2025 by jdomeracki-coder. Severity: High
- Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token. GHSA-3rw9-wmc8-8948, published Aug 28, 2025 by sreya. Severity: Low
- Post-auth URL redirection to untrusted site ('Open Redirect'). GHSA-wcx9-ccpj-hx3c, published Oct 28, 2024 by sreya. Severity: Moderate
- OIDC authentication allows email with partially matching domain to register. GHSA-7cc2-r658-7xpf, published Mar 4, 2024 by kylecarbs. Severity: High