Suggestions search

Published

Filter by:

With package: python312Packages.authlib

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-41425

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 4 hours ago by @LeSuisse Activity log

Created automatic suggestion 2 days, 10 hours ago
@LeSuisse ignored
15 packages
- python312Packages.oauthlib
- python313Packages.oauthlib
- python314Packages.oauthlib
- python312Packages.hawkauthlib
- python313Packages.hawkauthlib
- python314Packages.hawkauthlib
- python312Packages.aiohttp-oauthlib
- python313Packages.aiohttp-oauthlib
- python314Packages.aiohttp-oauthlib
- python312Packages.requests-oauthlib
- python313Packages.requests-oauthlib
- python314Packages.requests-oauthlib
- python312Packages.google-auth-oauthlib
- python313Packages.google-auth-oauthlib
- python314Packages.google-auth-oauthlib
4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

Authlib: Cross-site request forging when using cache

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulnerability is fixed in 1.6.11.

References

https://github.com/authlib/authlib/security/advisories/GHSA-jj8c-mmj3-mmgv x_refsource_CONFIRM

Affected products

authlib

==< 1.6.11

Matching in nixpkgs

pkgs.python312Packages.authlib

Library for building OAuth and OpenID Connect servers

nixos-25.11 1.6.9
- nixos-25.11-small 1.6.9
- nixpkgs-25.11-darwin 1.6.9

pkgs.python313Packages.authlib

Library for building OAuth and OpenID Connect servers

nixos-unstable 1.6.9
- nixpkgs-unstable 1.6.9
- nixos-unstable-small 1.6.9
nixos-25.11 1.6.9
- nixos-25.11-small 1.6.9
- nixpkgs-25.11-darwin 1.6.9

pkgs.python314Packages.authlib

Library for building OAuth and OpenID Connect servers

nixos-unstable 1.6.9
- nixpkgs-unstable 1.6.9
- nixos-unstable-small 1.6.9

Ignored packages (15)

pkgs.python312Packages.oauthlib

Generic, spec-compliant, thorough implementation of the OAuth request-signing logic

nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python313Packages.oauthlib

Generic, spec-compliant, thorough implementation of the OAuth request-signing logic

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python314Packages.oauthlib

Generic, spec-compliant, thorough implementation of the OAuth request-signing logic

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1

pkgs.python312Packages.hawkauthlib

Hawk Access Authentication protocol

nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python313Packages.hawkauthlib

Hawk Access Authentication protocol

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python314Packages.hawkauthlib

Hawk Access Authentication protocol

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0

pkgs.python312Packages.aiohttp-oauthlib

oauthlib integration for aiohttp clients

nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.python313Packages.aiohttp-oauthlib

oauthlib integration for aiohttp clients

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.python314Packages.aiohttp-oauthlib

oauthlib integration for aiohttp clients

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.python312Packages.requests-oauthlib

OAuthlib authentication support for Requests

nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python313Packages.requests-oauthlib

OAuthlib authentication support for Requests

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python314Packages.requests-oauthlib

OAuthlib authentication support for Requests

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0

pkgs.python312Packages.google-auth-oauthlib

Google Authentication Library: oauthlib integration

nixos-25.11 1.2.3
- nixos-25.11-small 1.2.3
- nixpkgs-25.11-darwin 1.2.3

pkgs.python313Packages.google-auth-oauthlib

Google Authentication Library: oauthlib integration

nixos-unstable 1.2.4
- nixpkgs-unstable 1.2.4
- nixos-unstable-small 1.2.4
nixos-25.11 1.2.3
- nixos-25.11-small 1.2.3
- nixpkgs-25.11-darwin 1.2.3

pkgs.python314Packages.google-auth-oauthlib

Google Authentication Library: oauthlib integration

nixos-unstable 1.2.4
- nixpkgs-unstable 1.2.4
- nixos-unstable-small 1.2.4

Package maintainers

@flokli Florian Klink <flokli@flokli.de>

Permalink CVE-2026-28802

updated 1 month, 2 weeks ago by @mweinelt Activity log

Created automatic suggestion 1 month, 2 weeks ago
@mweinelt ignored
15 packages
- python314Packages.google-auth-oauthlib
- python313Packages.google-auth-oauthlib
- python312Packages.google-auth-oauthlib
- python314Packages.requests-oauthlib
- python313Packages.requests-oauthlib
- python312Packages.requests-oauthlib
- python314Packages.aiohttp-oauthlib
- python313Packages.aiohttp-oauthlib
- python312Packages.aiohttp-oauthlib
- python314Packages.hawkauthlib
- python313Packages.hawkauthlib
- python312Packages.hawkauthlib
- python314Packages.oauthlib
- python313Packages.oauthlib
- python312Packages.oauthlib
1 month, 2 weeks ago
@mweinelt accepted 1 month, 2 weeks ago
@mweinelt published on GitHub 1 month, 2 weeks ago

Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7.

References

https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg x_refsource_CONFIRM
https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75 x_refsource_MISC
https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7 x_refsource_MISC

Affected products

authlib

==>= 1.6.5, < 1.6.7

Matching in nixpkgs

pkgs.python312Packages.authlib

Library for building OAuth and OpenID Connect servers

nixos-25.11 1.6.3
- nixos-25.11-small 1.6.3
- nixpkgs-25.11-darwin 1.6.3

pkgs.python313Packages.authlib

Library for building OAuth and OpenID Connect servers

nixos-unstable 1.6.6
- nixpkgs-unstable 1.6.6
- nixos-unstable-small 1.6.6
nixos-25.11 1.6.3
- nixos-25.11-small 1.6.3
- nixpkgs-25.11-darwin 1.6.3

pkgs.python314Packages.authlib

Library for building OAuth and OpenID Connect servers

nixos-unstable 1.6.6
- nixpkgs-unstable 1.6.6
- nixos-unstable-small 1.6.6

Ignored packages (15)

pkgs.python312Packages.oauthlib

Generic, spec-compliant, thorough implementation of the OAuth request-signing logic

nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python313Packages.oauthlib

Generic, spec-compliant, thorough implementation of the OAuth request-signing logic

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1
nixos-25.11 3.3.1
- nixos-25.11-small 3.3.1
- nixpkgs-25.11-darwin 3.3.1

pkgs.python314Packages.oauthlib

Generic, spec-compliant, thorough implementation of the OAuth request-signing logic

nixos-unstable 3.3.1
- nixpkgs-unstable 3.3.1
- nixos-unstable-small 3.3.1

pkgs.python312Packages.hawkauthlib

Hawk Access Authentication protocol

nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python313Packages.hawkauthlib

Hawk Access Authentication protocol

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python314Packages.hawkauthlib

Hawk Access Authentication protocol

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0

pkgs.python312Packages.aiohttp-oauthlib

oauthlib integration for aiohttp clients

nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.python313Packages.aiohttp-oauthlib

oauthlib integration for aiohttp clients

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.python314Packages.aiohttp-oauthlib

oauthlib integration for aiohttp clients

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.python312Packages.requests-oauthlib

OAuthlib authentication support for Requests

nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python313Packages.requests-oauthlib

OAuthlib authentication support for Requests

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.python314Packages.requests-oauthlib

OAuthlib authentication support for Requests

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0

pkgs.python312Packages.google-auth-oauthlib

Google Authentication Library: oauthlib integration

nixos-25.11 1.2.3
- nixos-25.11-small 1.2.3
- nixpkgs-25.11-darwin 1.2.3

pkgs.python313Packages.google-auth-oauthlib

Google Authentication Library: oauthlib integration

nixos-unstable 1.2.4
- nixpkgs-unstable 1.2.4
- nixos-unstable-small 1.2.4
nixos-25.11 1.2.3
- nixos-25.11-small 1.2.3
- nixpkgs-25.11-darwin 1.2.3

pkgs.python314Packages.google-auth-oauthlib

Google Authentication Library: oauthlib integration

nixos-unstable 1.2.4
- nixpkgs-unstable 1.2.4
- nixos-unstable-small 1.2.4

Package maintainers

@flokli Florian Klink <flokli@flokli.de>

https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg
https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75
https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7