5 matches found
EUVD-2025-12792
Malicious code in bioql PyPI...
GHSA-7CP4-JW97-3RC2 Duplicate Advisory: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4pc9-x2fx-p7vj. This link is maintained to preserve external references. Original Description The OAuth implementation in workers-oauth-provider that is part of MCP framework...
CVE-2025-4144
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp. However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...
CVE-2025-4143 Missing validation of redirect_uri on authorize endpoint
The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp, did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: ...
PT-2025-18344 · Unknown · Workers-Oauth-Provider
Name of the Vulnerable Software and Affected Versions: workers-oauth-provider affected versions not specified Description: The OAuth implementation in workers-oauth-provider did not correctly validate that the redirect uri was on the allowed list of redirect URIs for the given client registration...