Spotipy Project Spotipy — known CVE vulnerabilities
Every CVE whose affected-product data names Spotipy Project Spotipy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-27154 — CVSS 9.8 (critical): Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token…
CVE-2023-23608 — CVSS 0.0 (none): Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library…