VulnerableCode Package Details - pkg:pypi/authlib@1.6.12

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/authlib@1.6.12

Essentials
History (2)

purl	pkg:pypi/authlib@1.6.12

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-sk4t-73s6-rqg9	Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. This vulnerability is fixed in 1.6.12 and 1.7.1.	CVE-2026-44681 GHSA-r95x-qfjj-fjj2 PYSEC-2026-188

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:04:51.386618+00:00	GithubOSV Importer	Fixing	VCID-sk4t-73s6-rqg9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-r95x-qfjj-fjj2/GHSA-r95x-qfjj-fjj2.json	38.6.0
2026-06-04T16:14:39.872337+00:00	Pypa Importer	Fixing	VCID-sk4t-73s6-rqg9	https://github.com/pypa/advisory-database/blob/main/vulns/authlib/PYSEC-2026-188.yaml	38.6.0