Search for packages
| purl | pkg:pypi/authlib@1.6.1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hrf7-xz6n-efcg
Aliases: CVE-2026-41425 GHSA-jj8c-mmj3-mmgv PYSEC-2026-25 |
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11. |
Affected by 1 other vulnerability. |
|
VCID-sk4t-73s6-rqg9
Aliases: CVE-2026-44681 GHSA-r95x-qfjj-fjj2 PYSEC-2026-188 |
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. This vulnerability is fixed in 1.6.12 and 1.7.1. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T16:14:39.855078+00:00 | Pypa Importer | Affected by | VCID-sk4t-73s6-rqg9 | https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2026-188.yaml | 38.6.0 |
| 2026-06-02T04:24:54.795245+00:00 | Pypa Importer | Affected by | VCID-hrf7-xz6n-efcg | https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2026-25.yaml | 38.6.0 |