Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Authlib 0.5 | Vulnerabilities | Sonatype Guide
pypi
Authlib
0.5
Authlib 0.5
Published
Feb 11, 2018
•
Policy
compliance
pypi Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
58
Versions
58
Vulnerabilities
3
Vulnerabilities
3
Dependencies
0
Dependencies
0
Reset filters
Severity
Critical
(1)
High
(0)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
9.1
CVE-2026-27962
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid — bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9.
affected
Severity
Critical
Published
Mar 18, 2026
