VulnerableCode Package Details - pkg:pypi/authlib@1.6.11

Search for packages

Vulnerability	Summary	Fixed by
VCID-sk4t-73s6-rqg9 Aliases: CVE-2026-44681 GHSA-r95x-qfjj-fjj2 PYSEC-2026-188	Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. This vulnerability is fixed in 1.6.12 and 1.7.1.	1.6.12 Affected by 0 other vulnerabilities. 1.7.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-sk4t-73s6-rqg9
Aliases:
CVE-2026-44681
GHSA-r95x-qfjj-fjj2
PYSEC-2026-188

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. This vulnerability is fixed in 1.6.12 and 1.7.1.

1.6.12
Affected by 0 other vulnerabilities.

1.7.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hrf7-xz6n-efcg	Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.	CVE-2026-41425 GHSA-jj8c-mmj3-mmgv PYSEC-2026-25

Vulnerability

Summary

Aliases

VCID-hrf7-xz6n-efcg

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.

CVE-2026-41425
GHSA-jj8c-mmj3-mmgv
PYSEC-2026-25

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T17:05:35.659864+00:00	PyPI Importer	Affected by	VCID-sk4t-73s6-rqg9	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T17:05:22.531545+00:00	PyPI Importer	Fixing	VCID-hrf7-xz6n-efcg	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-04T16:51:48.703690+00:00	GithubOSV Importer	Fixing	VCID-hrf7-xz6n-efcg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-jj8c-mmj3-mmgv/GHSA-jj8c-mmj3-mmgv.json	38.6.0
2026-06-04T16:14:39.869930+00:00	Pypa Importer	Affected by	VCID-sk4t-73s6-rqg9	https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2026-188.yaml	38.6.0
2026-06-02T04:24:54.845542+00:00	Pypa Importer	Fixing	VCID-hrf7-xz6n-efcg	https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2026-25.yaml	38.6.0