CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

RedhatCVE•added 2026/01/22 11:24 p.m.•3 views

CVE-2026-23996

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...

3.7CVSS5.6AI score0.00065EPSS

Exploits0References1

NVD•added 2026/01/21 11:15 p.m.•2 views

CVE-2026-23996

3.7CVSS0.00065EPSS

Exploits0References3

CVE•added 2026/01/21 10:29 p.m.•10 views

CVE-2026-23996

CVE-2026-23996 concerns the FastAPI Api Key library. Version 1.1.0 is reported to expose a timing side-channel in verify_key(), where a random delay is applied only on verification failures. This enables an attacker to statistically distinguish valid from invalid API keys by measuring response la...

3.7CVSS5.6AI score0.00065EPSS

Exploits0References3Affected Software1

OSV•added 2026/01/21 10:29 p.m.•4 views

CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

3.7CVSS5.7AI score0.00065EPSS

Exploits0References5

Cvelist•added 2026/01/21 10:29 p.m.•13 views

CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

3.7CVSS0.00065EPSS

Exploits0References3

Snyk•added 2026/01/21 10:27 p.m.•2 views

Timing Attack

Overview fastapi-api-key is a fastapi-api-key provides secure, production-ready API key management for FastAPI. It offers pluggable hashing strategies Argon2 or bcrypt, backend-agnostic persistence currently SQLAlchemy, and an optional cache layer aiocache. Includes a Typer CLI and a FastAPI rout...

6.3CVSS5.7AI score0.00065EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by