CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

52 matches found

OSV•added 2026/05/27 8:16 p.m.•5 views

DEBIAN-CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1

EUVD•added 2026/05/27 7:20 p.m.•5 views

EUVD-2026-32637

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1

Debian CVE•added 2026/05/27 7:20 p.m.•7 views

CVE-2026-44681

6.1CVSS5.8AI score0.0004EPSS

Exploits1

Cvelist•added 2026/05/27 7:20 p.m.•38 views

CVE-2026-44681 Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization

6.1CVSS0.0004EPSS

Exploits1References1

Snyk•added 2026/05/13 1:36 a.m.•6 views

Incorrect Authorization

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the validateauthorizationrequest function. An attacker can cause the server to redirect users to arbitrary URLs by submitting a crafted...

6.1CVSS5.9AI score0.0004EPSS

Exploits1References3

vulnersOsv•added 2026/05/13 1:36 a.m.•5 views

apheris-auth (=0.23.0), apheris-cli (=0.51.0) +1 more potentially affected by CVE-2026-44681 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0 - fittrackee =1.3.0b1, =1.3.0b3 Source cves: CVE-2026-44681 Source advisory: OSV:GHSA-R95X-QFJJ-FJJ2...

5.8AI score0.0004EPSS

Exploits1

vulnersOsv•added 2026/05/13 1:36 a.m.•2 views

apheris-auth (=0.23.0), apheris-cli (=0.51.0) +1 more potentially affected by CVE-2026-44681 via authlib (=1.7.0)

5.8AI score0.0004EPSS

Exploits1

vulnersOsv•added 2026/04/24 8:16 p.m.•7 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +231 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:PYSEC-2026-25...

5.4CVSS5.8AI score0.00017EPSS

Exploits1

vulnersOsv•added 2026/04/16 10:38 p.m.•3 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +166 more potentially affected by CVE-2026-41425 via authlib (>=1.0.0 <=1.6.10)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-41425 Source advisory:...

5.4CVSS5.8AI score0.00017EPSS

Exploits1

vulnersOsv•added 2026/04/16 10:38 p.m.•4 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +231 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

5.4CVSS5.8AI score0.00017EPSS

Exploits1

SUSE CVE•added 2026/03/17 12:25 a.m.•2 views

SUSE CVE-2026-27962

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...

9.1CVSS5.9AI score0.00081EPSS

Exploits1References4

vulnersOsv•added 2026/03/16 8:53 p.m.•3 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +220 more potentially affected by CVE-2026-28490 via authlib (>=1.0.0 <=1.6.8)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-28490 Source advisory:...

8.3CVSS5.8AI score0.00016EPSS

Exploits1

vulnersOsv•added 2026/03/16 8:53 p.m.•2 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +220 more potentially affected by CVE-2026-28498 via authlib (>=1.0.0 <=1.6.8)

8.2CVSS7.2AI score0.00029EPSS

Exploits1

vulnersOsv•added 2026/03/16 8:51 p.m.•2 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +220 more potentially affected by CVE-2026-27962 via authlib (>=1.0.0 <=1.6.8)

9.1CVSS7.2AI score0.00081EPSS

Exploits1

OSV•added 2026/03/16 6:16 p.m.•1 views

UBUNTU-CVE-2026-27962

9.1CVSS6AI score0.00081EPSS

Exploits1References3

OSV•added 2026/03/16 6:16 p.m.•1 views

UBUNTU-CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS5.7AI score0.00016EPSS

Exploits1References3

OSV•added 2026/03/16 6:16 p.m.•2 views

UBUNTU-CVE-2026-28498

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...

8.2CVSS5.7AI score0.00029EPSS

Exploits1References3

CVE•added 2026/03/16 5:37 p.m.•14 views

CVE-2026-28490

Authlib (Python) RSA1_5 JWE handling is vulnerable to Bleichenbacher padding oracle attacks. The issue stems from a length check in RSAAlgorithm.unwrap() that raises a distinct exception when padding is invalid, destroying the cryptographic BLEichenbacher mitigation provided by cryptography v46.0...

8.3CVSS5.7AI score0.00016EPSS

Exploits1References3Affected Software1