Package details: pkg:pypi/authlib@0.12
purl pkg:pypi/authlib@0.12
Next non-vulnerable version 1.6.12
Latest non-vulnerable version 1.7.1
Risk 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-3ny1-u6w7-jqdz
Aliases:
CVE-2025-59420
GHSA-9ggr-2464-2j32
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.
1.6.4
Affected by 8 other vulnerabilities.
VCID-62ms-nmn4-qyf4
Aliases:
CVE-2025-61920
GHSA-pq5p-34cr-23v9
1.6.5
Affected by 7 other vulnerabilities.
VCID-9fxn-u16u-n3f3
Aliases:
CVE-2026-44681
GHSA-r95x-qfjj-fjj2
PYSEC-2026-188
1.6.12
Affected by 0 other vulnerabilities.
1.7.1
Affected by 0 other vulnerabilities.
VCID-bney-ctyr-1uaf
Aliases:
CVE-2026-27962
GHSA-wvwj-cvrp-7pv5
1.6.9
Affected by 2 other vulnerabilities.
VCID-j4a6-4vvj-x3gq
Aliases:
CVE-2026-28498
GHSA-m344-f55w-2m6j
1.6.9
Affected by 2 other vulnerabilities.
VCID-kf36-j71r-kqaz
Aliases:
CVE-2025-62706
GHSA-g7f3-828f-7h7m
1.6.5
Affected by 7 other vulnerabilities.
VCID-sjwj-7mk7-mych
Aliases:
CVE-2026-41425
GHSA-jj8c-mmj3-mmgv
PYSEC-2026-25
1.6.11
Affected by 1 other vulnerability.
VCID-spsb-6z2a-3uhh
Aliases:
CVE-2026-28490
GHSA-7432-952r-cw78
1.6.9
Affected by 2 other vulnerabilities.
VCID-za4z-2u4g-7ydb
Aliases:
CVE-2024-37568
GHSA-5357-c2jx-v7qh
PYSEC-2024-52
1.3.1
Affected by 9 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T22:29:31.084779+00:00 GitLab Importer Affected by VCID-9fxn-u16u-n3f3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2026-44681.yml 38.6.0
2026-06-12T22:08:47.780270+00:00 GitLab Importer Affected by VCID-sjwj-7mk7-mych https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2026-41425.yml 38.6.0
2026-06-12T21:29:46.353561+00:00 GitLab Importer Affected by VCID-bney-ctyr-1uaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2026-27962.yml 38.6.0
2026-06-12T21:29:43.731186+00:00 GitLab Importer Affected by VCID-spsb-6z2a-3uhh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2026-28490.yml 38.6.0
2026-06-12T21:29:39.244325+00:00 GitLab Importer Affected by VCID-j4a6-4vvj-x3gq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2026-28498.yml 38.6.0
2026-06-12T20:23:48.431360+00:00 GitLab Importer Affected by VCID-62ms-nmn4-qyf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2025-61920.yml 38.6.0
2026-06-12T20:23:48.098713+00:00 GitLab Importer Affected by VCID-kf36-j71r-kqaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2025-62706.yml 38.6.0
2026-06-12T20:20:12.942204+00:00 GitLab Importer Affected by VCID-3ny1-u6w7-jqdz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2025-59420.yml 38.6.0
2026-06-12T19:32:18.798638+00:00 GitLab Importer Affected by VCID-za4z-2u4g-7ydb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/authlib/CVE-2024-37568.yml 38.6.0
2026-06-12T04:22:15.858858+00:00 Pypa Importer Affected by VCID-9fxn-u16u-n3f3 https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2026-188.yaml 38.6.0
2026-06-12T04:21:50.549446+00:00 Pypa Importer Affected by VCID-sjwj-7mk7-mych https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2026-25.yaml 38.6.0
2026-06-12T04:18:43.528794+00:00 Pypa Importer Affected by VCID-za4z-2u4g-7ydb https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2024-52.yaml 38.6.0
2026-06-11T21:06:31.605465+00:00 PyPI Importer Affected by VCID-9fxn-u16u-n3f3 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-11T21:06:02.844383+00:00 PyPI Importer Affected by VCID-sjwj-7mk7-mych https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-11T21:02:33.704314+00:00 PyPI Importer Affected by VCID-za4z-2u4g-7ydb https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0