VYPR

Fastapi SSO

by Tomasvotava

Source repositories

CVEs (1)

  • CVE-2025-14546 · Med · Dec 19, 2025
    risk 0.34 · cvss 6.3 · epss 0.00

    Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist…