Filtered by vendor Allauth
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-65430 | 1 Allauth | 1 Allauth | 2026-01-20 | N/A | 5.4 MEDIUM |
| An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected. | |||||
| CVE-2025-65431 | 1 Allauth | 1 Allauth | 2025-12-23 | N/A | 5.4 MEDIUM |
| An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead. | |||||