CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

334 matches found

EUVD•added 2026/03/16 3:17 p.m.•3 views

EUVD-2026-12478

Authlib JWS JWK Header Injection: Signature Verification Bypass...

9.1CVSS5.8AI score0.0041EPSS

Exploits1References3

vulnersOsv•added 2026/03/16 3:17 p.m.•2 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +283 more potentially affected by CVE-2026-27962 via authlib (>=0.10.0 <=1.6.8)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-27962 Source advisory: OSV:GHSA-WVWJ-CVRP-7PV5...

9.1CVSS7.7AI score0.0041EPSS

Exploits1

Github Security Blog•added 2026/03/16 3:17 p.m.•6 views

Authlib JWS JWK Header Injection: Signature Verification Bypass

Description Summary A JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic...

9.1CVSS6AI score0.0041EPSS

Exploits1References5Affected Software1

OSV•added 2026/03/16 3:17 p.m.•0 views

GHSA-WVWJ-CVRP-7PV5 Authlib JWS JWK Header Injection: Signature Verification Bypass

9.1CVSS6AI score0.0041EPSS

Exploits1References5

CNNVD•added 2026/03/16 12:0 a.m.•3 views

Authlib 加密问题漏洞

Authlib is an open-source library developed by Authlib, designed as a ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained a security vulnerability related to encryption. This vulnerability stemmed from a cryptographic padding mechani...

8.3CVSS5.8AI score0.00142EPSS

Exploits1References4

CNNVD•added 2026/03/16 12:0 a.m.•2 views

Authlib 安全漏洞

Authlib is an open-source library developed by Authlib, designed as a ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the OpenID Connect ID token verification logic,...

8.2CVSS7.3AI score0.00201EPSS

Exploits1References4

CNNVD•added 2026/03/16 12:0 a.m.•4 views

Authlib 数据伪造问题漏洞

Authlib is an open-source library developed by Authlib, designed to build servers for OAuth and OpenID Connect. Versions of Authlib prior to 1.6.9 contained a data manipulation vulnerability, caused by header injection in the JWS implementation. This vulnerability could allow unauthenticated...

9.1CVSS7.2AI score0.0041EPSS

Exploits1References4

Tenable Nessus•added 2026/03/16 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-28490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified i...

8.3CVSS5.8AI score0.00142EPSS

Exploits1References3

Tenable Nessus•added 2026/03/16 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-28498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib...

8.2CVSS7.2AI score0.00201EPSS

Exploits1References3

Tenable Nessus•added 2026/03/16 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS...

9.1CVSS7.8AI score0.0041EPSS

Exploits1References3

OpenVAS•added 2026/03/09 12:0 a.m.•4 views

openSUSE Security Advisory (SUSE-SU-2026:0828-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS5.8AI score0.00237EPSS

Exploits1References4

Veracode•added 2026/03/07 5:9 a.m.•4 views

Improper Signature Verification

Authlib is vulnerable to improper signature verification. The vulnerability is due to improper validation of JWT tokens where tokens with alg: none and an empty signature bypass the signature verification process, which allows an attacker to forge authentication tokens and gain unauthorized acces...

9.8CVSS5.8AI score0.00336EPSS

Exploits1References3Affected Software1

SUSE CVE•added 2026/03/07 12:25 a.m.•3 views

SUSE CVE-2026-28802

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...

9.8CVSS5.8AI score0.00336EPSS

Exploits1References3

Tenable Nessus•added 2026/03/07 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-28802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a...

9.8CVSS7.3AI score0.00336EPSS

Exploits1References3