rpm package
opensuse/python-spotipy&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-spotipy&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66040 | Low | 3.6 | | < 2.25.2-1.1 | 2.25.2-1.1 | Nov 27, 2025 | Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript |
| CVE-2025-27154 | — | | | < 2.25.1-1.1 | 2.25.1-1.1 | Feb 27, 2025 | Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permis |