Vulnerabilities in spotipy-dev
4 resultsCVE-2023-23608NONEspotipy Path traversal vulnerability that may lead to type confusion in URI handling codeEPSS 0.7%CVE-2025-27154HIGHSpotipy's cache file, containing spotify auth token, is created with overly broad permissionsEPSS 0.6%CVE-2025-47928CRITICALSpotipy repo vulnerable to secrets exfiltration via `pull_request_target`EPSS 0.4%CVE-2025-66040LOWSpotipy has a XSS vulnerability in OAuth callback serverEPSS 0.1%