HIGH 7.4 PyPI
GHSA-5357-c2jx-v7qh · CVE-2024-37568, PYSEC-2024-52 Authlib has algorithm confusion with asymmetric public keys
수정: 2025. 11. 3.
package
PyPI / authlib
pkg:pypi/authlib
HIGH PyPI
GHSA-7432-952r-cw78 · CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
수정: 2026. 4. 21.
HIGH PyPI
GHSA-7wc2-qxgw-g8gg · CVE-2026-28802 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
수정: 2026. 4. 21.
HIGH 7.5 PyPI
GHSA-9ggr-2464-2j32 · CVE-2025-59420 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
수정: 2026. 2. 4.
MEDIUM 5.7 PyPI
GHSA-fg6f-75jq-6523 · CVE-2025-68158 Authlib has 1-click Account Takeover vulnerability
수정: 2026. 3. 30.
MEDIUM 6.5 PyPI
GHSA-g7f3-828f-7h7m · CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS
수정: 2026. 2. 4.
MEDIUM 5.4 PyPI
GHSA-jj8c-mmj3-mmgv · CVE-2026-41425, PYSEC-2026-25 Authlib: Cross-site request forging when using cache
수정: 2026. 6. 5.
HIGH PyPI
GHSA-m344-f55w-2m6j · CVE-2026-28498 Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
수정: 2026. 4. 21.
HIGH 7.5 PyPI
GHSA-pq5p-34cr-23v9 · CVE-2025-61920 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
수정: 2026. 2. 4.
MEDIUM 6.1 PyPI
GHSA-r95x-qfjj-fjj2 · CVE-2026-44681, PYSEC-2026-188 Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
수정: 2026. 6. 3.
MEDIUM 5.4 PyPI
GHSA-w8p2-r796-3vmq · CVE-2026-41479 Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type
수정: 2026. 6. 8.
CRITICAL 9.1 PyPI
GHSA-wvwj-cvrp-7pv5 · CVE-2026-27962 Authlib JWS JWK Header Injection: Signature Verification Bypass
수정: 2026. 4. 21.
MEDIUM 6.1 PyPI
PYSEC-2026-188 · CVE-2026-44681, GHSA-r95x-qfjj-fjj2 수정: 2026. 6. 3.
MEDIUM 5.4 PyPI
PYSEC-2026-25 · CVE-2026-41425, GHSA-jj8c-mmj3-mmgv 수정: 2026. 5. 20.
— PyPI
PYSEC-2024-52 · CVE-2024-37568, GHSA-5357-c2jx-v7qh 수정: 2024. 6. 10.