VYPR

rpm package

opensuse/python-spotipy&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-spotipy&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2025-66040 · Low · Nov 27, 2025
    affected < 2.25.2-1.1 · fixed 2.25.2-1.1

    Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript

  • CVE-2025-27154 · Feb 27, 2025
    affected < 2.25.1-1.1 · fixed 2.25.1-1.1

    Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permis