📦 Authlib
by Authlib
⚠️ Known Vulnerabilities
This vulnerability in Authlib allows remote attackers to craft malicious JWT tokens with extremely large header or signature segments, causing excessive CPU and memory consumption during parsing. This...
Authlib versions before 1.6.4 fail to properly validate JWS tokens with unknown critical header parameters, violating RFC 7515 requirements. Attackers can craft tokens that bypass strict verification ...
This vulnerability allows attackers to forge JWT tokens by exploiting algorithm confusion in lepture Authlib. When jwt.decode() is called without specifying an algorithm, the library incorrectly accep...
This CSRF vulnerability in Authlib allows attackers to bypass Cross-Site Request Forgery protections in OAuth flows. Attackers can hijack authentication sessions by obtaining valid state tokens throug...
CVE-2025-62706 is a denial-of-service vulnerability in Authlib's JWE implementation where DEFLATE decompression lacks size limits. Attackers can send specially crafted tokens that cause excessive memo...