AL-Cybision/README.md

πŸ‘¨πŸ»β€πŸ’Ό Muhammad Noman Ilyas (AL-Cybision)

πŸ›‘οΈ Application Security & Vulnerability Researcher

GitHub Followers LinkedIn

πŸ” SECURE CODE REVIEW Β Β  πŸ›‘οΈ VULNERABILITY RESEARCH Β Β  πŸ€– AI/ML MODEL FILE VULNS


Highlights

🪲 Vulnerabilities Discovered

| CVE ID | Advisory | CVSS | Project | Summary | MITRE / NVD |
|---|---|---|---|---|---|
| CVE-2025-59420 | GHSA-9ggr-2464-2j32 | 7.5 | Authlib | JWT/JWS accepts unknown `crit` headers → possible authorization bypass | nvd.nist.gov/vuln/detail/CVE-2025-59420 |
| CVE-2025-61920 | GHSA-pq5p-34cr-23v9 | 7.5 | Authlib | DoS via oversized JOSE segments | nvd.nist.gov/vuln/detail/CVE-2025-61920 |
| CVE-2025-62706 | GHSA-g7f3-828f-7h7m | 6.5 | Authlib | `zip=DEF` decompression bomb enables DoS | nvd.nist.gov/vuln/detail/CVE-2025-62706 |

🤝 Contributions

| Project | Description | Version | Link |
|---|---|---|---|
| Go-Jose | Fixed bug: `b64` header ignored in unprotected header (now rejected). | v4.1.3 | PR #210 |
| Authlib | Collaborated on patch for critical header validation bypass. | v1.6.4 | PR #823 |

Pinned

  1. authlib/authlib (Public, Python): The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.

  2. go-jose (Public, Go; forked from go-jose/go-jose): An implementation of JOSE standards (JWE, JWS, JWT) in Go.

  3. huggingface/huggingface_hub (Public, Python): The official Python client for the Hugging Face Hub.