Browse all 4 CVE security advisories affecting spotipy-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Spotipy-dev is a Python library enabling Spotify API integration for developers, primarily used for building music-related applications. Historically, it has been associated with multiple remote code execution vulnerabilities due to unsafe deserialization and improper input handling, alongside cross-site scripting flaws through unsanitized output. The library has also faced privilege escalation issues in which insufficient access controls allowed unauthorized actions on user accounts. While no major public security incidents have been documented, the four recorded CVEs highlight recurring weaknesses in input validation and secure coding practice, so developers should add their own safeguards when using this API wrapper.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-66040 | Spotipy has an XSS vulnerability in OAuth callback server | spotipy | CWE-79 | 3.6 | Low | 2025-11-26 |
| CVE-2025-47928 | Spotipy repo vulnerable to secrets exfiltration via `pull_request_target` | spotipy | CWE-488 | 9.1 | Critical | 2025-05-15 |
| CVE-2025-27154 | Spotipy's cache file, containing Spotify auth token, is created with overly broad permissions | spotipy | CWE-276 | 8.8 | - | 2025-02-27 |
| CVE-2023-23608 | spotipy path traversal vulnerability that may lead to type confusion in URI handling code | spotipy | CWE-22 | - | - | 2023-01-24 |