Skip to main content

Oauthenticator

5 CVEs product

Monthly

CVE-2026-33175 PyPI HIGH PATCH GHSA This Week

Authentication bypass in JupyterHub OAuthenticator <17.4.0 allows authenticated attackers with unverified email addresses on Auth0 tenants to login with arbitrary usernames, enabling account takeover when email is configured as the username claim. The vulnerability requires low-complexity exploitation over the network with low privileges (CVSS 8.8, AV:N/AC:L/PR:L). No public exploit identified at time of analysis, though the vendor has released a security advisory with technical details. EPSS data not available, but the authentication bypass nature and account takeover potential make this a priority for organizations using JupyterHub with Auth0 OAuth integration.

Authentication Bypass Oauthenticator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-29033 PyPI CRITICAL PATCH GHSA Act Now

OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Oauthenticator
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-31027 PyPI MEDIUM PATCH This Month

OAuthenticator is an OAuth token library for the JupyerHub login handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oauthenticator
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-26250 PyPI MEDIUM PATCH This Month

OAuthenticator is an OAuth login mechanism for JupyterHub. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Oauthenticator
NVD GitHub
CVSS 3.1
6.3
EPSS
1.1%
CVE-2018-7206 PyPI HIGH PATCH This Week

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Gitlab Information Disclosure Oauthenticator
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authentication bypass in JupyterHub OAuthenticator <17.4.0 allows authenticated attackers with unverified email addresses on Auth0 tenants to login with arbitrary usernames, enabling account takeover when email is configured as the username claim. The vulnerability requires low-complexity exploitation over the network with low privileges (CVSS 8.8, AV:N/AC:L/PR:L). No public exploit identified at time of analysis, though the vendor has released a security advisory with technical details. EPSS data not available, but the authentication bypass nature and account takeover potential make this a priority for organizations using JupyterHub with Auth0 OAuth integration.

Authentication Bypass Oauthenticator
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Oauthenticator
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OAuthenticator is an OAuth token library for the JupyerHub login handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oauthenticator
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

OAuthenticator is an OAuth login mechanism for JupyterHub. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Oauthenticator
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Gitlab Information Disclosure Oauthenticator
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy