Vulnerabilities in authlib
14 results

CVE ID           Severity  EPSS   Title
CVE-2025-61920   HIGH      0.6%   Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
CVE-2026-27932   HIGH      0.4%   joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)
CVE-2025-62706   MEDIUM    0.4%   Authlib: JWE zip=DEF decompression bomb enables DoS
CVE-2026-27962   CRITICAL  0.4%   Authlib JWS JWK Header Injection: Signature Verification Bypass
CVE-2026-28802   HIGH      0.3%   Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
CVE-2025-65015   CRITICAL  0.3%   joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
CVE-2025-59420   HIGH      0.2%   Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
CVE-2025-68158   MEDIUM    0.2%   Authlib: 1-click Account Takeover
CVE-2026-44681   MEDIUM    0.2%   Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization
CVE-2026-28498   HIGH      0.2%   Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
CVE-2026-48990   MEDIUM    0.2%   joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
CVE-2026-41479   MEDIUM    0.2%   Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type
CVE-2026-28490   HIGH      0.1%   Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
CVE-2026-41425   MEDIUM    0.1%   Authlib: Cross-site request forging when using cache