Information about security vulnerabilities concerning the OAuth specifications and OAuth implementations

This list was created to allow security researchers and other parties to submitting information related to discovered security vulnerabilities concerning the OAuth specifications and OAuth implementations. The aim is to provide those who discover security problems to have an easy way to report their findings to a small group of standardization experts, which includes the OAuth working group chairs, in a confidential manner. The group then has to decide on how to utilize the obtained information to initiate discussions on IETF mailing list or with impacted implementers.

Important Note: Since vulnerability reports will be submitted to this list it is not a public mailing list. The OAuth WG chairs will invite experts to join this list.

To contact the list owners, use the following email address:


IETF Mailarchive

Subscription / Unsubscription

To subscribe or unsubscribe from this list, please sign in first. If you have not previously signed in, you may need to set up an account with the appropriate email address.

Sign In

You can also subscribe without creating an account. If you wish to do so, please use the form below.