web-auth/webauthn-lib Security Advisories for 5.2.1 (2)
-
[LOW] Webauthn: SimpleFakeCredentialGenerator with an empty secret produces predictable fake credentials, weakening username enumeration protection
PKSA-zk1n-qbm6-d3rq GHSA-gq4g-fpc9-vjfq
Affected version: >=4.9.0,<5.3.5
Reported by:
GitHub -
[MEDIUM] Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation
PKSA-n72g-8zd8-6dm2 CVE-2026-30964 GHSA-f7pm-6hr8-7ggm
Affected version: >=5.2.0,<5.2.4
Reported by:
GitHub