VulnerableCode Package Details - pkg:pypi/oauth2@1.5.166

Search for packages

Vulnerability	Summary	Fixed by
VCID-tbug-mv5x-uucb Aliases: CVE-2013-4346 GHSA-4433-4cxq-vv73 PYSEC-2014-85	The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.	1.9rc1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.9.0 Affected by 0 other vulnerabilities.
VCID-zkgb-14kz-33dz Aliases: CVE-2013-4347 GHSA-rv8h-p43r-4x5r PYSEC-2014-86	The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.	1.9rc1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-tbug-mv5x-uucb
Aliases:
CVE-2013-4346
GHSA-4433-4cxq-vv73
PYSEC-2014-85

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.

1.9rc1
Affected by 1 other vulnerability.

1.9.0
Affected by 0 other vulnerabilities.

VCID-zkgb-14kz-33dz
Aliases:
CVE-2013-4347
GHSA-rv8h-p43r-4x5r
PYSEC-2014-86

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

1.9rc1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:54:34.437737+00:00	GitLab Importer	Affected by	VCID-zkgb-14kz-33dz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/oauth2/CVE-2013-4347.yml	38.4.0
2026-04-16T21:53:02.540993+00:00	GitLab Importer	Affected by	VCID-tbug-mv5x-uucb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/oauth2/CVE-2013-4346.yml	38.4.0
2026-04-11T23:09:52.122212+00:00	GitLab Importer	Affected by	VCID-zkgb-14kz-33dz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/oauth2/CVE-2013-4347.yml	38.3.0
2026-04-11T23:08:36.965401+00:00	GitLab Importer	Affected by	VCID-tbug-mv5x-uucb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/oauth2/CVE-2013-4346.yml	38.3.0
2026-04-02T23:18:37.177591+00:00	GitLab Importer	Affected by	VCID-zkgb-14kz-33dz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/oauth2/CVE-2013-4347.yml	38.1.0
2026-04-02T23:17:13.141113+00:00	GitLab Importer	Affected by	VCID-tbug-mv5x-uucb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/oauth2/CVE-2013-4346.yml	38.1.0
2026-04-01T17:38:57.565634+00:00	GitLab Importer	Affected by	VCID-zkgb-14kz-33dz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/oauth2/CVE-2013-4347.yml	38.0.0
2026-04-01T17:37:23.156667+00:00	GitLab Importer	Affected by	VCID-tbug-mv5x-uucb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/oauth2/CVE-2013-4346.yml	38.0.0
2026-04-01T14:58:56.146461+00:00	PyPI Importer	Affected by	VCID-zkgb-14kz-33dz	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T14:58:56.021025+00:00	PyPI Importer	Affected by	VCID-tbug-mv5x-uucb	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T12:41:02.038346+00:00	Pypa Importer	Affected by	VCID-zkgb-14kz-33dz	https://github.com/pypa/advisory-database/blob/main/vulns/oauth2/PYSEC-2014-86.yaml	38.0.0
2026-04-01T12:41:01.967372+00:00	Pypa Importer	Affected by	VCID-tbug-mv5x-uucb	https://github.com/pypa/advisory-database/blob/main/vulns/oauth2/PYSEC-2014-85.yaml	38.0.0