GHSA-HP6R-R9VC-Q8WX FastAPI SSO is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...
EUVD-2025-204438
FastAPI SSO is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation...
CVE-2025-14546
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...
FastAPI SSO Security Vulnerability
FastAPI SSO is a FastAPI plugin from the individual developer Tomas Votava. A security vulnerability exists in FastAPI SSO versions prior to 0.19.0; it stems from improper validation of the OAuth state parameter and could lead to a cross-site request forgery attack...
agent-lifecycle-toolkit (=0.2.1.10102025), claude-helpers (>=0.1.1 <=0.2.7) +36 more potentially affected by CVE-2025-14546 via fastapi-sso (>=0.10.0 <=0.18.0)
fastapi-sso PYPI version =0.10.0, =0.1.1, =1.0.0, =0.1.7, =2.5.43, =0.17.0, =1.0.0, =0.2.0, =2.13.3, =0.50.0, =0.5.0, =0.1.0, =0.0.1, =0.0.1, =0.2.0 and more Source cves: CVE-2025-14546 Source advisory: SNYK:PYTHON-FASTAPISSO-14386403...
Cross-site Request Forgery (CSRF)
Overview: fastapi-sso is a FastAPI plugin to enable SSO to most common providers such as Facebook login, Google login and login via Microsoft Office 365 Account. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state...
dspy (>=2.5.43 <=2.6.0rc8), jac-cloud (>=0.1.0 <=0.1.24) +10 more potentially affected by unknown CVE via fastapi-sso (>=0.10.0 <=0.15.0)
fastapi-sso PYPI version =0.10.0, =2.5.43, =0.1.0, =0.0.1, =0.0.1, =2.0.0a51, =2.0.5, =1.0.1, =0.12.11, =2.7.11, =0.5.71, =0.6.52 Source cves: unknown CVE Source advisory: SNYK:PYTHON-FASTAPISSO-8445602...
Race Condition
Overview: fastapi-sso is a FastAPI plugin to enable SSO to most common providers such as Facebook login, Google login and login via Microsoft Office 365 Account. Affected versions of this package are vulnerable to Race Condition. When multiple concurrent login requests are processed simultaneously,...