CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

325 matches found

PyPA•added 2026/05/27 8:16 p.m.•7 views

PYSEC-0000-CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1Affected Software1

OSV•added 2026/05/27 8:16 p.m.•3 views

PYSEC-2026-188

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1

NVD•added 2026/05/27 8:16 p.m.•9 views

CVE-2026-44681

6.1CVSS0.0004EPSS

Exploits1References1

OSV•added 2026/05/27 8:16 p.m.•9 views

UBUNTU-CVE-2026-44681

6.1CVSS5.8AI score0.0004EPSS

Exploits1References3

ATTACKERKB•added 2026/05/27 7:20 p.m.•6 views

CVE-2026-44681

6.1CVSS5.8AI score0.0004EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/27 7:20 p.m.•9 views

EUVD-2026-32637

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1

Debian CVE•added 2026/05/27 7:20 p.m.•9 views

CVE-2026-44681

6.1CVSS5.8AI score0.0004EPSS

Exploits1

CVE•added 2026/05/27 7:20 p.m.•20 views

CVE-2026-44681

CVE-2026-44681 affects Authlib’s OpenID implementation (OpenIDImplicitGrant and OpenIDHybridGrant). An unauthenticated open redirect can occur when a request omits the openid scope, causing the server to redirect with a 302 to an attacker-controlled URL. The root cause is that the scope check hap...

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/27 7:20 p.m.•6 views

CVE-2026-44681 Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1

Cvelist•added 2026/05/27 7:20 p.m.•42 views

CVE-2026-44681 Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization

6.1CVSS0.0004EPSS

Exploits1References1

IBM Security Bulletins•added 2026/05/18 4:50 p.m.•13 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Agent images

Summary Multiple vulnerabilities were addressed in IBM MQ Agent images Vulnerability Details CVEID:CVE-2026-41425 DESCRIPTION: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in...

6.3CVSS6.6AI score0.00064EPSS

Exploits4Affected Software1

Snyk•added 2026/05/13 1:36 a.m.•9 views

Incorrect Authorization

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the validateauthorizationrequest function. An attacker can cause the server to redirect users to arbitrary URLs by submitting a crafted...

6.1CVSS5.9AI score0.0004EPSS

Exploits1References3

vulnersOsv•added 2026/05/13 1:36 a.m.•6 views

apheris-auth (=0.23.0), apheris-cli (=0.51.0) +1 more potentially affected by CVE-2026-44681 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0 - fittrackee =1.3.0b1, =1.3.0b3 Source cves: CVE-2026-44681 Source advisory: OSV:GHSA-R95X-QFJJ-FJJ2...

5.8AI score0.0004EPSS

Exploits1

OSV•added 2026/05/13 1:36 a.m.•3 views

GHSA-R95X-QFJJ-FJJ2 Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect

Summary An unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. Details...

6.1CVSS5.7AI score0.0004EPSS

Exploits1References6

Github Security Blog•added 2026/05/13 1:36 a.m.•7 views

Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect

6.1CVSS5.7AI score0.0004EPSS

Exploits1References6Affected Software1

vulnersOsv•added 2026/05/13 1:36 a.m.•4 views

apheris-auth (=0.23.0), apheris-cli (=0.51.0) +1 more potentially affected by CVE-2026-44681 via authlib (=1.7.0)

5.8AI score0.0004EPSS

Exploits1

Positive Technologies•added 2026/05/13 12:0 a.m.•9 views

PT-2026-40589

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.12 Authlib versions prior to 1.7.1 Description An unauthenticated open redirect exists in the authorization endpoint of the OpenIDImplicitGrant and OpenIDHybridGrant components. A remote attacker can cause the...

6.1CVSS5.8AI score0.0004EPSS

Exploits1References8

Debian•added 2026/05/11 7:6 p.m.•9 views

[SECURITY] [DLA 4579-1] python-authlib security update

Debian LTS Advisory DLA-4579-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 11, 2026 https://wiki.debian.org/LTS Package : python-authlib Version : 0.15.4-1+deb11u2 CVE ID : CVE-2026-27962 CVE-2026-28490 CVE-2026-28498 Three security vulnerabilities were...

9.1CVSS7.2AI score0.00081EPSS

Exploits3

Tenable Nessus•added 2026/05/11 12:0 a.m.•3 views

Debian dla-4579 : python-authlib-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4579 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4579-1 [email protected]...

9.1CVSS7.3AI score0.00081EPSS

Exploits3References8

RedhatCVE•added 2026/05/04 6:13 a.m.•8 views

CVE-2026-41425

A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker could exploit a missing Cross-Site Request Forgery CSRF protection on the cache feature within authlib.integrations.starletteclient.OAuth. This vulnerability allows an attacker to trick ...

5.4CVSS5.7AI score0.00023EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by