VYPR

rpm package

opensuse/python-Authlib&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-Authlib&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2026-44681MedMay 27, 2026
    affected < 1.7.2-1.1fixed 1.7.2-1.1

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an H

  • CVE-2025-68158Jan 8, 2026
    affected < 1.6.6-1.1fixed 1.6.6-1.1

    Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an a

  • CVE-2025-61920Oct 10, 2025
    affected < 1.6.5-1.1fixed 1.6.5-1.1

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds

  • CVE-2024-37568Jun 9, 2024
    affected < 1.3.1-1.1fixed 1.3.1-1.1

    lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)