| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-66040 | Spotipy has a XSS vulnerability in OAuth callback server | spotipy-dev | spotipy | Low | 3.6 | 2025-11-26 23:14:45 | Deep Dive |
| CVE-2025-47928 | Spotipy repo vulnerable to secrets exfiltration via `pull_request_target` | spotipy-dev | spotipy | Critical | 9.1 | 2025-05-15 20:09:48 | Deep Dive |
| CVE-2025-27154 | Spotipy's cache file, containing spotify auth token, is created with overly broad permissions | spotipy-dev | spotipy | 中危 | - | 2025-02-27 13:53:54 | Deep Dive |
| CVE-2023-23608 | spotipy Path traversal vulnerability that may lead to type confusion in URI handling code | spotipy-dev | spotipy | None | 0.0 | 2023-01-24 02:39:32 | Deep Dive |