Security Intel Hub 7+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Medium
CVE-2025-68158: Cache-backed CSRF leading to 1-Click Account Takeover
CVE-2025-68158 · github.com · 2026-01-20
authlib <= v1.6.5
Critical
joserfc CVE-2025-65015 Uncontrolled Resource Consumption via JWT
CVE-2025-65015 · github.com · 2025-11-19
joserfc >=1.3.3 and <= 1.4.1
CVSS 6.5
Authlib CVE-2025-62706 JWE zip=DEF Decompression Bomb DoS
github.com · 2025-10-23

### Key Information #### Vulnerability Overview - **Vulnerability Type**: JWE zip=DEF decompression bomb enables DoS - **CVE ID**: CVE-2025-62706 - **CVSS v3.1 Score**: 6.5/10 (Medium) #### Affected S…

CVSS 7.5
Authlib CVE-2025-81920 DoS via Oversized JOSE Segments Advisory
github.com · 2025-10-11

### Critical Vulnerability Information #### Vulnerability Overview - **Vulnerability Name**: Authlib: Denial of Service via Oversized JOSE Segments - **CVE ID**: CVE-2025-81920 - **Severity**: High (7…

CVSS 7.5
Authlib CVE-2025-5942: JWS/JWT Accepts Unknown Crit Headers Leading to Auth Bypass
github.com · 2025-09-24

### Critical Vulnerability Information #### Vulnerability Overview - **Vulnerability Name**: Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) - **CVE ID**: CVE-202…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.