{"package":"github.com/ory/kratos","ecosystem":"go","latest_version":"v1.3.1","description":"Headless cloud-native authentication and identity management written in Go. Scales to a billion+ users. Replace Homegrown, Auth0, Okta, Firebase with better UX and DX. Passkeys, Social Sign In, OIDC, Magic Link, Multi-Factor Auth, SMS, SAML, TOTP, and more. Runs everywhere, runs best on Ory Network. ","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/ory/kratos","repository":"https://github.com/ory/kratos","downloads_weekly":13591,"health":{"score":63,"risk":"moderate","breakdown":{"maintenance":5,"popularity":10,"security":20,"maturity":15,"community":13},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":1,"medium":0,"low":1,"details":[{"vuln_id":"CVE-2026-33503","severity":"high","summary":"Ory Kratos has a SQL injection via forged pagination tokens","affected_versions":"<1.3.1-0.20260320110106-9d7085948039","fixed_version":"1.3.1-0.20260320110106-9d7085948039","source":"osv","published_at":"2026-03-20T20:54:54Z","in_kev":false,"epss_prob":0.00012,"epss_percentile":0.01642,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-33503","severity":"unknown","summary":"Ory Kratos has a SQL injection via forged pagination tokens in github.com/ory/kratos","affected_versions":"<1.3.1-0.20260320110106-9d7085948039","fixed_version":"1.3.1-0.20260320110106-9d7085948039","source":"osv","published_at":"2026-03-23T18:16:18Z","in_kev":false,"epss_prob":0.00012,"epss_percentile":0.01642,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.3.1","total_count":102,"recent":["v0.3.0-alpha.1","v1.1.0-pre.0","v0.11.1","v0.9.0-alpha.1","v0.0.1-alpha.3","v0.1.0-alpha.5","v0.13.0","v0.14.0-pre.0","v0.5.4-alpha.1","v0.8.0-alpha.3","v0.0.1-alpha.6","v0.0.3-alpha.9","v0.0.3-alpha.5","v0.9.0-alpha.2","v1.1.0","v0.11.0-alpha.0.pre.2","v0.0.1-alpha.1","v0.7.2-alpha.1","v0.11.0-alpha.0.pre.0","v0.0.1-alpha.9"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":245,"first_published":null,"last_published":"2024-10-28T09:04:20Z","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"v1.3.1","version_hint":"Update to >= 1.3.1-0.20260320110106-9d7085948039 to fix known vulnerabilities","summary":"github.com/ory/kratos@v1.3.1 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}