Cross-Site Scripting (XSS)

spotipy is vulnerable to cross-site scripting XSS. The vulnerability is due to improper sanitization of the error parameter in the OAuth callback server, which allows an attacker to inject and execute arbitrary JavaScript in the user's browser during OAuth authentication...

FreeBSD : spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (8acfcfdc-d27c-11f0-8512-b0416f0c4c67)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8acfcfdc-d27c-11f0-8512-b0416f0c4c67 advisory. https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports: Spotipy is a...

CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

[SECURITY] Fedora 42 Update: python-spotipy-2.25.2-1.fc42

A light weight Python library for the Spotify Web API...

[SECURITY] Fedora 41 Update: python-spotipy-2.25.2-1.fc41

A light weight Python library for the Spotify Web API...

[SECURITY] Fedora 43 Update: python-spotipy-2.25.2-1.fc43

A light weight Python library for the Spotify Web API...

Fedora 42 : python-spotipy (2025-9501cd4d8c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9501cd4d8c advisory. update to version 2.25.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

Fedora 43 : python-spotipy (2025-20ca419536)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-20ca419536 advisory. update to version 2.25.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

Fedora: Security Advisory (FEDORA-2025-20ca419536)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-9501cd4d8c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-be2a1b5e6a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 41 : python-spotipy (2025-be2a1b5e6a)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-be2a1b5e6a advisory. update to version 2.25.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

EUVD-2025-199770

Spotipy has a XSS vulnerability in its OAuth callback server...

GHSA-R77H-RPP9-W2XM Spotipy has a XSS vulnerability in its OAuth callback server

Summary XSS vulnerability in OAuth callback server allows JavaScript injection through unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. Details Vulnerable Code: spotipy/oauth2.py lines 1238-1274 RequestHandler.doGET The...

deezspot-spotizerr (>=2.2.4 <=3.1.5), deezspot-spotizerr-phoenix (>=0.0.11 <=0.0.14) +35 more potentially affected by CVE-2025-66040 via spotipy (>=2.10.0 <=2.25.1)

spotipy PYPI version =2.10.0, =2.2.4, =0.0.11, =0.0.10, =2.6.0, =0.0.3, =0.0.1, =0.2.0, =0.1.1, =0.1.0, =0.0.2.dev4, =0.0.2.dev11 and more Source cves: CVE-2025-66040 Source advisory: OSV:GHSA-R77H-RPP9-W2XM...

Spotipy has a XSS vulnerability in its OAuth callback server

Summary XSS vulnerability in OAuth callback server allows JavaScript injection through unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. Details Vulnerable Code: spotipy/oauth2.py lines 1238-1274 RequestHandler.doGET The...

Linux Distros Unpatched Vulnerability : CVE-2025-66040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server tha...

SUSE CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

DEBIAN-CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...