Security: OpenIdentityPlatform/OpenAM
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
  GHSA-2cqq-rpvq-g5qj, published Apr 7, 2026 by vharseko. Severity: Critical
- Using arbitrary OIDC requested claims values in id_token and user_info is allowed
  GHSA-39hr-239p-fhqc, published Nov 12, 2025 by vharseko. Severity: Critical
- OpenAM FreeMarker template injection
  GHSA-7726-43hg-m23v, published Jul 24, 2024 by vharseko. Severity: High
- User impersonation using SAMLv1.x SSO process.
  GHSA-4mh8-9wq6-rjxg, published Jul 20, 2023 by maximthomas. Severity: Critical