Lucene search
K

7 matches found

OSV
OSV
added 2026/06/03 2:52 p.m.7 views

ROOT-APP-PYPI-CVE-2025-61920 CVE-2025-61920 in rootio-Authlib - Patched by Root

Root has patched CVE-2025-61920 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

7.5CVSS7.3AI score0.00596EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/10/27 12:0 a.m.2 views

openSUSE Security Advisory (SUSE-SU-2025:3754-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.00596EPSS
Exploits1References4
Wolfi
Wolfi
added 2025/10/16 7:48 a.m.6 views

CVE-2025-61920 vulnerabilities

Vulnerabilities for packages: mlflow...

7.5CVSS7AI score0.00596EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2025/10/15 12:0 a.m.7 views

python311-Authlib-1.6.5-1.1 on GA media (moderate)

python311-Authlib-1.6.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15629-1 Rating: moderate Cross-References: CVE-2025-61920 CVSS scores: CVE-2025-61920 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-61920 SUSE : 8.7...

8.7CVSS7.2AI score0.00596EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/10/10 8:26 p.m.11 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +268 more potentially affected by CVE-2025-61920 via authlib (>=0.10.0 <=1.6.4)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-61920 Source advisory: OSV:GHSA-PQ5P-34CR-23V9...

7.5CVSS7AI score0.00596EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2025/10/10 8:15 p.m.2 views

CVE-2025-61920

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...

7.5CVSS7.1AI score0.00596EPSS
Exploits1References5
Circl
Circl
added 2025/10/10 2:28 a.m.8 views

CVE-2025-61920

creationtimestamp| type| source ---|---|--- 2025-10-10 02:28:44+00:00| published-proof-of-concept| https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References1
Rows per page
Query Builder