spotipy — Vulnerabilities & Security Advisories 4

All 4 CVE vulnerabilities found in spotipy, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-66040	Spotipy has a XSS vulnerability in OAuth callback server CWE-79	3.6	Low	2025-11-26
CVE-2025-47928	Spotipy repo vulnerable to secrets exfiltration via `pull_request_target` CWE-488	9.1	Critical	2025-05-15
CVE-2025-27154	Spotipy's cache file, containing spotify auth token, is created with overly broad permissions CWE-276	8.8	-	2025-02-27
CVE-2023-23608	spotipy Path traversal vulnerability that may lead to type confusion in URI handling code CWE-22	-	-	2023-01-24

All 4 known CVE vulnerabilities affecting spotipy with full Chinese analysis, references, and POCs where available.