Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

authlib — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting authlib. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Authlib is an open-source OAuth and OpenID Connect framework primarily used for implementing authentication and authorization in applications. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. The framework's 11 recorded CVEs highlight recurring issues in parameter handling and session management. While no major public security incidents have been documented, the consistent discovery of vulnerabilities suggests developers should implement strict input sanitization and maintain current library versions to mitigate potential exploitation risks.

Top products by authlib: authlib joserfc
CVE IDTitleCVSSSeverityPublished
CVE-2026-41425 Authlib: Cross-site request forging when using cache — authlibCWE-352 5.4 Medium2026-04-24
CVE-2026-28498 Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding — authlibCWE-354 7.5 -2026-03-16
CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle — authlibCWE-203--2026-03-16
CVE-2026-27962 Authlib JWS JWK Header Injection: Signature Verification Bypass — authlibCWE-347 9.1 Critical2026-03-16
CVE-2026-28802 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification — authlibCWE-347 9.1 -2026-03-06
CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS) — joserfcCWE-770 7.5 High2026-03-03
CVE-2025-68158 Authlib: 1-click Account Takeover — authlibCWE-352 5.7 Medium2026-01-08
CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads — joserfcCWE-770 7.5AIHighAI2025-11-18
CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS — authlibCWE-400 6.5 Medium2025-10-22
CVE-2025-61920 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments — authlibCWE-20 7.5 High2025-10-10
CVE-2025-59420 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) — authlibCWE-345 7.5 High2025-09-22

This page lists every published CVE security advisory associated with authlib. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.