Modified: 6/3/2026
package
PyPI / authlib
pkg:pypi/authlib
Modified: 5/20/2026
Authlib has algorithm confusion with asymmetric public keys
Modified: 11/3/2025
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Modified: 4/21/2026
Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
Modified: 4/21/2026
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
Modified: 2/4/2026
Authlib has 1-click Account Takeover vulnerability
Modified: 3/30/2026
Authlib: JWE zip=DEF decompression bomb enables DoS
Modified: 2/4/2026
Authlib: Cross-site request forging when using cache
Modified: 6/5/2026
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
Modified: 4/21/2026
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Modified: 2/4/2026
Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
Modified: 6/3/2026
Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type
Modified: 6/8/2026
Authlib JWS JWK Header Injection: Signature Verification Bypass
Modified: 4/21/2026
Modified: 6/10/2024