league/oauth2-server

A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.

Latest 9.3.0

Packagist

100%

Total Score

Dependencies

100

Maturity

100

Supply Chain

100

Vulnerabilities

Title	Versions	Severity
AIKIDO-2025-10853 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. league/oauth2-server is vulnerable to Generation of Error Message Containing Sensitive Information in versions 0.0.1 - 9.2.0.	0.0.1 - 9.2.0	Low
AIKIDO-2024-10388 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. league/oauth2-server is vulnerable to Return of Wrong Status Code in versions 6.0.2 - 8.5.4.	6.0.2 - 8.5.4	Low
CVE-2023-37260 league/oauth2-server is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 8.3.2 - 8.4.2 and 8.5.0 - 8.5.3.	8.3.2 - 8.4.28.5.0 - 8.5.3	High

Package versions

Maintainers

Alex Bilbie

Andy Millington

Direct Dependencies

Dependency	Last Release	Score
league/uri Version ^7.0	—	—
lcobucci/jwt Version ^5.0	—	—
league/event Version ^3.0	—	—
lcobucci/clock Version ^2.3 \|\| ^3.0	—	—
psr/http-message Version ^2.0	—	—