pkg:Debian/python-authlib

All known vulnerabilities

• CRITICAL9.8CVE-2026-28802Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
  from 0
• CRITICAL9.1CVE-2026-27962Authlib JWS JWK Header Injection: Signature Verification Bypass
  from 0, < 0.15.4-1+deb11u2
• HIGH7.5CVE-2026-28498Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
  from 0, < 0.15.4-1+deb11u2
• HIGH7.5Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
  from 0, < 0.15.4-1+deb11u1
• HIGH7.5Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
  from 0, < 0.15.4-1+deb11u1
• HIGH7.4python-authlib - security update
  from 0, < 0.15.4-1+deb11u1
• HIGH7.4python-authlib - security update
  from 0, < 0.15.4-1+deb11u1
• MEDIUM6.5Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
  from 0, < 0.15.4-1+deb11u2
• MEDIUM6.5Authlib : JWE zip=DEF decompression bomb enables DoS
  from 0, < 0.15.4-1+deb11u1
• MEDIUM6.1Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
  from 0
• MEDIUM5.7Authlib has 1-click Account Takeover vulnerability
  from 0
• MEDIUM5.4Authlib: Cross-site request forging when using cache
  from 0