Security
Headlines

Headlines Latest CVEs

Headline

GHSA-qhmc-3mvr-f2j4: django-allauth does not reject access tokens for inactive users

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.

7 days ago

#git #intel #auth

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-65430

django-allauth does not reject access tokens for inactive users

Moderate severity GitHub Reviewed Published Dec 15, 2025 to the GitHub Advisory Database • Updated Dec 16, 2025

Package

pip django-allauth (pip)

Affected versions

< 65.13.0

Description

Published to the GitHub Advisory Database

Dec 15, 2025

Last updated

Dec 16, 2025

EPSS score

ghsa: Latest News

GHSA-rchf-xwx2-hm93: Fedify has ReDoS Vulnerability in HTML Parsing Regex

15 hours ago

GHSA-fw48-7qf9-455m: Piranha has stored cross-site scripting (XSS) vulnerability

15 hours ago

GHSA-83fp-hh9m-c2jq: Piranha has stored cross-site scripting (XSS) vulnerability

15 hours ago

GHSA-54mj-vcvj-q3v5: Umbraco CMS has an arbitrary file upload vulnerability

15 hours ago

GHSA-428g-f7cq-pgp5: Marshmallow has DoS in Schema.load(many)

16 hours ago