authlib vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

CVE-ID           Severity  Package summary
CVE-2026-41479   Medium    authlib: Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled…
CVE-2026-44681   Medium    authlib: Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
CVE-2026-41425   Medium    authlib: Authlib: Cross-site request forging when using cache
CVE-2026-28498   High      authlib: Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
CVE-2026-28490   High      authlib: Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
CVE-2026-27962   Critical  authlib: Authlib JWS JWK Header Injection: Signature Verification Bypass
CVE-2026-28802   High      authlib: Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
CVE-2025-68158   Medium    authlib: Authlib has 1-click Account Takeover vulnerability
CVE-2025-62706   Medium    authlib: Authlib: JWE zip=DEF decompression bomb enables DoS
CVE-2025-61920   High      authlib: Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
CVE-2025-59420   High      authlib: Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
CVE-2024-37568   High      authlib: Authlib has algorithm confusion with asymmetric public keys
