| purl | pkg:pypi/authlib@1.7.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-hv6n-6vty-ayg3 Aliases: CVE-2026-41479 GHSA-w8p2-r796-3vmq | Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type | Affected by 0 other vulnerabilities. |
| VCID-sk4t-73s6-rqg9 Aliases: CVE-2026-44681 GHSA-r95x-qfjj-fjj2 PYSEC-2026-188 | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. This vulnerability is fixed in 1.6.12 and 1.7.1. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-09T17:13:05.731501+00:00 | GithubOSV Importer | Affected by | VCID-hv6n-6vty-ayg3 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-w8p2-r796-3vmq/GHSA-w8p2-r796-3vmq.json | 38.6.0 |
| 2026-06-08T19:48:17.114468+00:00 | GHSA Importer | Affected by | VCID-hv6n-6vty-ayg3 | https://github.com/advisories/GHSA-w8p2-r796-3vmq | 38.6.0 |
| 2026-06-07T20:55:38.063298+00:00 | GHSA Importer | Affected by | VCID-sk4t-73s6-rqg9 | https://github.com/advisories/GHSA-r95x-qfjj-fjj2 | 38.6.0 |
| 2026-06-04T17:04:51.292112+00:00 | GithubOSV Importer | Affected by | VCID-sk4t-73s6-rqg9 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-r95x-qfjj-fjj2/GHSA-r95x-qfjj-fjj2.json | 38.6.0 |