VYPR

PyPI package

spotipy

pkg:pypi/spotipy

Vulnerabilities (3)

  • CVE-2025-66040 · Low · Nov 27, 2025
    affected < 2.25.2 · fixed 2.25.2

    Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript

  • CVE-2025-27154 · Feb 27, 2025
    affected < 2.25.1 · fixed 2.25.1

    Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permis

  • CVE-2023-23608 · Jan 24, 2023
    affected < 2.22.1 · fixed 2.22.1

    Spotipy is a lightweight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and U