VYPR

Spotipy

by Spotipy Dev

pypi: spotipy

Source repositories

CVEs (4)

  • CVE-2025-47928 (Critical) May 15, 2025
    risk 0.52, cvss 9.1, epss 0.00

    Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by checking out the head.sha of a forked PR can be exploited by attackers, since…

  • CVE-2025-66040 (Low) Nov 27, 2025
    risk 0.16, cvss 3.6, epss 0.00

    Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript…

  • CVE-2025-27154 Feb 27, 2025
    risk 0.00, cvss not listed, epss 0.01

    Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600)…

  • CVE-2023-23608 Jan 24, 2023
    risk 0.00, cvss not listed, epss 0.01

    Spotipy is a lightweight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and…