Security
Headlines

Headlines Latest CVEs

Headline

GHSA-8m3c-c723-h4p4: django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.

8 days ago

#git #intel #auth

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-65431

django-allauth’s Okta and NetIQ implementations used a mutable identifier for authorization decisions

Moderate severity GitHub Reviewed Published Dec 15, 2025 to the GitHub Advisory Database • Updated Dec 16, 2025

Package

pip django-allauth (pip)

Affected versions

< 65.13.0

Description

Published to the GitHub Advisory Database

Dec 15, 2025

Last updated

Dec 16, 2025

EPSS score

ghsa: Latest News

GHSA-r399-636x-v7f6: LangChain serialization injection vulnerability enables secret extraction

5 hours ago

GHSA-hm5p-x4rq-38w4: httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

5 hours ago

GHSA-c67j-w6g6-q2cm: LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

6 hours ago

GHSA-pp3g-xmm4-5cw9: Home Assistant Core before is vulnerable to Directory Traversal

6 hours ago

GHSA-qx44-p258-3c2v: Cadmium CMS has a background arbitrary file upload vulnerability

6 hours ago