VYPR

rpm package

opensuse/python-Authlib&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/python-Authlib&distro=openSUSE%20Leap%2016.0

Vulnerabilities (4)

  • CVE-2026-28498Mar 16, 2026
    affected < 1.5.2-bp160.3.1fixed 1.5.2-bp160.3.1

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification

  • CVE-2026-28490Mar 16, 2026
    affected < 1.5.2-bp160.3.1fixed 1.5.2-bp160.3.1

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algori

  • CVE-2026-27962Mar 16, 2026
    affected < 1.5.2-bp160.3.1fixed 1.5.2-bp160.3.1

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None

  • CVE-2025-68158Jan 8, 2026
    affected < 1.5.2-bp160.2.1fixed 1.5.2-bp160.2.1

    Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an a