Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4
CVE-2025-65430
- EPSS 0.03%
- Veröffentlicht 15.12.2025 00:00:00
- Zuletzt bearbeitet 20.01.2026 19:02:34
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.
5.4
CVE-2025-65431
- EPSS 0.03%
- Veröffentlicht 15.12.2025 00:00:00
- Zuletzt bearbeitet 23.12.2025 18:08:38
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. Th...
1