VulnerableCode Package Details - pkg:pypi/authlib@0.9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/authlib@0.9

Essentials
History (2)

purl	pkg:pypi/authlib@0.9

Next non-vulnerable version	1.6.11
Latest non-vulnerable version	1.6.11
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-hrf7-xz6n-efcg Aliases: CVE-2026-41425 GHSA-jj8c-mmj3-mmgv PYSEC-2026-25	Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.	1.6.11 Affected by 0 other vulnerabilities.
VCID-tk6q-528z-rye4 Aliases: CVE-2024-37568 PYSEC-2024-52	lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)	1.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:24:54.633039+00:00	Pypa Importer	Affected by	VCID-hrf7-xz6n-efcg	https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2026-25.yaml	38.6.0
2026-06-02T04:21:28.772585+00:00	Pypa Importer	Affected by	VCID-tk6q-528z-rye4	https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2024-52.yaml	38.6.0