Vulnerability Database
Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-jj8c-mmj3-mmgv | PyPI/authlib | Authlib: Cross-site request forging when using cache | 16 Apr | Fix available; Severity - 5.4 (Medium) |
| GHSA-m344-f55w-2m6j | PyPI/authlib | Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding | 16 Mar | Fix available; Severity - 8.2 (High) |
| GHSA-7432-952r-cw78 | PyPI/authlib | Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle | 16 Mar | Fix available; Severity - 8.3 (High) |
| GHSA-wvwj-cvrp-7pv5 | PyPI/authlib | Authlib JWS JWK Header Injection: Signature Verification Bypass | 16 Mar | Fix available; Severity - 9.1 (Critical) |
| GHSA-7wc2-qxgw-g8gg | PyPI/authlib | Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification | 04 Mar | Fix available; Severity - 7.7 (High) |
| GHSA-fg6f-75jq-6523 | PyPI/authlib | Authlib has 1-click Account Takeover vulnerability | 08 Jan | Fix available; Severity - 5.7 (Medium) |
| GHSA-g7f3-828f-7h7m | PyPI/authlib | Authlib : JWE zip=DEF decompression bomb enables DoS | 10 Oct 2025 | Fix available; Severity - 6.5 (Medium) |
| GHSA-pq5p-34cr-23v9 | PyPI/authlib | Authlib is vulnerable to Denial of Service via Oversized JOSE Segments | 10 Oct 2025 | Fix available; Severity - 7.5 (High) |
| GHSA-9ggr-2464-2j32 | PyPI/authlib | Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) | 22 Sep 2025 | Fix available; Severity - 7.5 (High) |
| GHSA-5357-c2jx-v7qh | PyPI/authlib | Authlib has algorithm confusion with asymmetric public keys | 09 Jun 2024 | Fix available; Severity - 7.4 (High) |
| PYSEC-2024-52 | PyPI/authlib | See record for full details | 09 Jun 2024 | Fix available |
PyPI - OSV