13 matches found
EUVD-2025-0190
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-27154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, t...
GHSA-PWHH-Q4H6-W599 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Summary: The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cachehandler.pyL93-L98 The file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. I think 600 is ...
Incorrect Default Permissions
Overview: spotipy is a lightweight Python library for the Spotify Web API. Affected versions of this package are vulnerable to Incorrect Default Permissions via the CacheHandler class. An attacker can gain unauthorized access to administrative actions on the Spotify account by reading the spoti...
CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154
CVE-2025-27154 affects Spotipy’s CacheHandler file permissions. Before version 2.25.1, the cache file is created with 644 permissions by default, exposing the Spotify auth token to other users or processes on the same machine. Version 2.25.1 tightens permissions to 600, reducing token exposure. T...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
Spotipy Security Vulnerability
Spotipy is a lightweight Python library for the Spotify Web API, maintained by the individual developer spotipy-dev. A security vulnerability exists in Spotipy versions prior to 2.25.1; it stems from the CacheHandler class creating a cache file with overly lax permissions, which could lead to the disclosure ...
snowflake-connector-python vulnerable to insecure cache files permissions
Issue: Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects version...
PYSEC-2017-32
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file...
CVE-2008-5690
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv01 through snv104, allows local users to cause a denial of service authentication failure via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the...
Design/Logic Flaw
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv01 through snv104, allows local users to cause a denial of service authentication failure via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the...
CVE-2008-5690
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv01 through snv104, allows local users to cause a denial of service authentication failure via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the...