Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-w8p2-r796-3vmq
  • PyPI/authlib
 Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type 08 Jun
  • Fix available
  • Severity - 5.4 (Medium)
PYSEC-2026-188
  • PyPI/authlib
 See record for full details 27 May
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-r95x-qfjj-fjj2
  • PyPI/authlib
 Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect 13 May
  • Fix available
  • Severity - 6.1 (Medium)
PYSEC-2026-25
  • PyPI/authlib
 See record for full details 24 Apr
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-jj8c-mmj3-mmgv
  • PyPI/authlib
 Authlib: Cross-site request forging when using cache 16 Apr
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-m344-f55w-2m6j
  • PyPI/authlib
 Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding 16 Mar
  • Fix available
  • Severity - 8.2 (High)
GHSA-7432-952r-cw78
  • PyPI/authlib
 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle 16 Mar
  • Fix available
  • Severity - 8.3 (High)
GHSA-wvwj-cvrp-7pv5
  • PyPI/authlib
 Authlib JWS JWK Header Injection: Signature Verification Bypass 16 Mar
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-7wc2-qxgw-g8gg
  • PyPI/authlib
 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification 04 Mar
  • Fix available
  • Severity - 7.7 (High)
GHSA-fg6f-75jq-6523
  • PyPI/authlib
 Authlib has 1-click Account Takeover vulnerability 08 Jan
  • Fix available
  • Severity - 5.7 (Medium)
GHSA-g7f3-828f-7h7m
  • PyPI/authlib
 Authlib : JWE zip=DEF decompression bomb enables DoS 10 Oct 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-pq5p-34cr-23v9
  • PyPI/authlib
 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments 10 Oct 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-9ggr-2464-2j32
  • PyPI/authlib
 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) 22 Sep 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-5357-c2jx-v7qh
  • PyPI/authlib
 Authlib has algorithm confusion with asymmetric public keys 09 Jun 2024
  • Fix available
  • Severity - 7.4 (High)
PYSEC-2024-52
  • PyPI/authlib
 See record for full details 09 Jun 2024
  • Fix available