333 matches found
DEBIAN-CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
UBUNTU-CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
CVE-2025-61920 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
EUVD-2025-33768
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
CVE-2025-61920
CVE-2025-61920 — Authlib (Python) Authlib’s JOSE implementation (prior to v1.6.5) accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url header or signature spans hundreds of megabytes. During verification, the library decodes and parses the f...
CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
CVE-2025-61920 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
CVE-2025-61920 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
CVE-2025-61920
creationtimestamp| type| source ---|---|--- 2025-10-10 02:28:44+00:00| published-proof-of-concept| https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9...
PT-2025-41596
Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.5 Description Authlib, a Python library for building OAuth and OpenID Connect servers, has an issue in its JOSE implementation. It accepts JWS/JWT header and signature segments without size limits. An attacker can...
Authlib 安全漏洞
Authlib is the ultimate Python library for building OAuth and OpenID Connect servers open-sourced by Authlib. A security vulnerability exists in Authlib versions prior to 1.6.5 that stems from the JOSE implementation accepting unlimited JWS/JWT headers and signature segments, which could lead to ...
EUVD-2021-15057
Malware in sbrugna...
EUVD-2008-2375
Malware in sbrugna...
EUVD-2021-30682
Malicious code in bioql PyPI...
EUVD-2025-30790
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-59420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib's JWS verification accepts tokens that declare unknow...
DEBIAN-CVE-2025-59420
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical...
CVE-2025-59420
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical...
UBUNTU-CVE-2025-59420
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical...
CVE-2025-59420 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical...