Spotipy-dev Spotipy
4 CVEs affecting Spotipy-dev Spotipy. Latest disclosed: 2025-11-26. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-47928 | Critical | 9.1 | 2025-05-15 | Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/i… |
| CVE-2025-66040 | Low | 3.6 | 2025-11-26 | Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server… |
| CVE-2025-27154 | | | 2025-02-27 | Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1… |
| CVE-2023-23608 | Unrated | | 2023-01-24 | Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be… |