Vulnerabilities in web-auth

2 results

CVE-2024-39912MEDIUMEnumeration of valid usernames in web-auth/webauthn-libEPSS 0.4%CVE-2026-30964MEDIUMWebauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validationEPSS 0.2%