
128 matches found

OSV
added yesterday, 4 views

ROOT-APP-PYPI-CVE-2026-41425 CVE-2026-41425 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-41425 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

CVSS 5.4, AI score 5.8, EPSS 0.00017
Exploits: 1
OSV
added 2 days ago, 2 views

ROOT-APP-PYPI-CVE-2025-62706 CVE-2025-62706 in rootio-Authlib - Patched by Root

Root has patched CVE-2025-62706 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

CVSS 6.5, AI score 5.4, EPSS 0.00137
Exploits: 1
NVD
added 2026/05/24 4:16 a.m., 6 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

CVSS 7.5, EPSS 0.00055
Exploits: 0, References: 4
OSV
added 2026/05/13 12:0 a.m., 4 views

MAL-2026-3648 Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

AI score 5.9
Exploits: 0, References: 2
OSV
added 2026/05/02 1:0 a.m., 3 views

CLSA-2026-1777463708 dovecot: Fix of CVE-2017-15132

CVE-2017-15132: fix memory leak and hash-table use-after-free in auth_client_request_abort (lib-auth). Squashed upstream commits 1a29ed2f96da and a9b135760aea...

CVSS 7.5, AI score 6.7, EPSS 0.02771
Exploits: 0, References: 1
Fedora
added 2026/04/25 1:56 a.m., 2 views

[SECURITY] Fedora 44 Update: python-msal-1.36.0-1.fc44

The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as Microsof...

AI score 5.3
Exploits: 0
NVD
added 2026/04/24 8:16 p.m., 1 view

CVE-2026-41427

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...

CVSS 7.1, EPSS 0.00048
Exploits: 0, References: 1
Cvelist
added 2026/04/24 7:23 p.m., 23 views

CVE-2026-41427 Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...

CVSS 7.1, EPSS 0.00048
Exploits: 0, References: 1
OSV
added 2026/04/24 3:16 a.m., 1 view

UBUNTU-CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out-of-bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

CVSS 7.5, AI score 5.8, EPSS 0.0007
Exploits: 0, References: 2
Fedora
added 2026/04/20 12:46 a.m., 2 views

[SECURITY] Fedora 43 Update: python-msal-1.36.0-1.fc43

The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as Microsof...

AI score 5.3
Exploits: 0
OSV
added 2026/04/16 9:56 a.m., 1 view

MAL-2026-2759 Malicious code in express-auth-basic (npm)

Source: amazon-inspector 1e643f12d60a16d07664d45cf59400356a38f8bb5463f358e1e86e217b88fab5. The package express-auth-basic was found to contain malicious code...

AI score 5.7
Exploits: 0
NVD
added 2026/03/10 6:18 p.m., 1 view

CVE-2026-30964

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...

CVSS 5.4, EPSS 0.00017
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/10 5:16 p.m., 3 views

CVE-2026-30964

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...

CVSS 5.4, AI score 5.8, EPSS 0.00017
Exploits: 1, References: 4, Affected Software: 3
OSV
added 2026/01/30 3:36 p.m., 2 views

CLEANSTART-2026-DY37532 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Security vulnerability affects the cortex-fips package. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

CVSS 9.8, AI score 8.8, EPSS 0.00221
Exploits: 0, References: 3
IBM Security Bulletins
added 2026/01/16 7:40 p.m., 11 views

Security Bulletin: A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-27086)

Summary: A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation for authentication processing. This bulletin identifies the security fixes to apply to...

CVSS 3.9, AI score 4.5, EPSS 0.00053
Exploits: 0, Affected Software: 1
RedhatCVE
added 2026/01/09 10:6 a.m., 4 views

CVE-2019-20138

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used...

CVSS 7.5, AI score 7.2, EPSS 0.00171
Exploits: 0, References: 1
Snyk
added 2025/11/20 9:29 p.m., 3 views

Use of Cache Containing Sensitive Information

Overview: @workos-inc/authkit-nextjs provides authentication and session helpers for using WorkOS & AuthKit with Next.js. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to missing anti-caching headers on authenticated responses. An attacker can ga...

CVSS 9.3, AI score 6.4, EPSS 0.00082
Exploits: 0, References: 2
OSV
added 2025/11/13 6:3 p.m., 4 views

MGASA-2025-0285 Updated perl-Authen-SASL packages fix security vulnerability

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. CVE-2025-40918...

CVSS 6.5, AI score 6.5, EPSS 0.00414
Exploits: 0, References: 3
Debian
added 2025/10/29 3:26 a.m., 5 views

[SECURITY] [DLA 4352-1] python-authlib security update

Debian LTS Advisory DLA-4352-1, [email protected], https://www.debian.org/lts/security/, Daniel Leidert, October 29, 2025, https://wiki.debian.org/LTS. Package: python-authlib. Version: 0.15.4-1+deb11u1. CVE ID: CVE-2024-37568 CVE-2025-59420 CVE-2025-61920 CVE-2025-62706. Multiple...

CVSS 7.5, AI score 7, EPSS 0.00424
Exploits: 4
Tenable Nessus
added 2025/10/29 12:0 a.m., 3 views

Debian dla-4352 : python-authlib-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4352 advisory. Debian LTS Advisory DLA-4352-1 [email protected]...

CVSS 7.5, AI score 7.6, EPSS 0.00424
Exploits: 4, References: 10