Lucene search

46 matches found

OPENSUSE Linux
added 2026/05/06 12:0 a.m., 4 views

python311-social-auth-core-4.8.7-1.1 on GA media (moderate)

python311-social-auth-core-4.8.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:10681-1 Rating: moderate Cross-References: CVE-2026-32597 CVSS scores: CVE-2026-32597 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2026-32597 SUSE : 8.7...

CVSS: 8.7, AI score: 6.7, EPSS: 0.00014
Exploits: 1
vulnersOsv
added 2026/01/30 7:35 p.m., 4 views

@glarus-labs/vendure-social-auth (>=0.0.1 <=0.1.1), @grupo-loja/vendure-banner-plugin (=1.0.0) +96 more potentially affected by CVE-2026-25050 via @vendure/core (>=0.11.1 <=3.4.4)

@vendure/core NPM version =0.11.1, =0.0.1, =1.0.0, =1.0.4, =0.0.1, =1.0.3, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.2.3 and more Source cves: CVE-2026-25050 Source advisory: OSV:GHSA-6F65-4FV2-WWCH...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00021
Exploits: 1
Veracode
added 2025/12/01 12:14 p.m., 4 views

Improper Authentication

python-social-auth is vulnerable to Improper Authentication. The vulnerability is due to automatic user association by email even when the associate_by_email pipeline is not enabled, where unvalidated or non-unique emails provided by third-party authentication services can be linked to existing...

CVSS: 6.3, AI score: 6.9, EPSS: 0.00081
Exploits: 0, References: 8, Affected Software: 1
Tenable Nessus
added 2025/10/13 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-61783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail ev...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00081
Exploits: 0, References: 3
SUSE CVE
added 2025/10/10 11:22 p.m., 2 views

SUSE CVE-2025-61783

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS: 6.3, AI score: 7, EPSS: 0.00081
Exploits: 0, References: 3
RedhatCVE
added 2025/10/10 8:28 a.m., 9 views

CVE-2025-61783

A flaw was found in Python Social Auth, a social authentication and registration framework. During authentication, a user account could be incorrectly associated by e-mail even when the associate_by_email pipeline was not explicitly enabled. This behavior could allow account takeover if a third-par...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00081
Exploits: 0, References: 9
OSV
added 2025/10/09 9:15 p.m., 1 views

DEBIAN-CVE-2025-61783

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS: 6.3, AI score: 5.3, EPSS: 0.00081
Exploits: 0, References: 1
NVD
added 2025/10/09 9:15 p.m., 1 views

CVE-2025-61783

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS: 6.3, EPSS: 0.00081
Exploits: 0, References: 6
OSV
added 2025/10/09 9:15 p.m., 0 views

UBUNTU-CVE-2025-61783

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00081
Exploits: 0, References: 9
OSV
added 2025/10/09 8:57 p.m., 3 views

CVE-2025-61783 Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00081
Exploits: 0, References: 8
Vulnrichment
added 2025/10/09 8:57 p.m., 2 views

CVE-2025-61783 Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00081
Exploits: 0, References: 6
Cvelist
added 2025/10/09 8:57 p.m., 14 views

CVE-2025-61783 Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS: 6.3, EPSS: 0.00081
Exploits: 0, References: 6
EUVD
added 2025/10/09 8:57 p.m., 1 views

EUVD-2025-33405

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS: 6.3, AI score: 6.4, EPSS: 0.00081
Exploits: 0, References: 7
CVE
added 2025/10/09 8:57 p.m., 21 views

CVE-2025-61783

CVE-2025-61783 affects Python Social Auth (specifically the Django integration, python-social-auth/social-app-django). In versions prior to 5.6.0, during authentication a user could be associated by email even if the register/authorization pipeline did not include the associate_by_email step, ena...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00081
Exploits: 0, References: 6
Github Security Blog
added 2025/10/09 5:8 p.m., 9 views

Python Social Auth - Django has unsafe account association

Impact Upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Patche...

CVSS: 6.3, AI score: 7, EPSS: 0.00081
Exploits: 0, References: 8, Affected Software: 1
vulnersOsv
added 2025/10/09 5:8 p.m., 1 views

argus-notification-msteams (=0.5.1), argus-server (>=1.0.0 <=1.22.1) +113 more potentially affected by CVE-2025-61783 via social-auth-app-django (>=0.1.0 <=5.4.3)

social-auth-app-django PYPI version =0.1.0, =1.0.0, =1.0.0, =4.14.0, =0.15.0, =0.3.23, =0.8.7, =0.0.2a17, =1.0.0, =2.1.0, =1.0.1, =1.0.0, =1.0.8 and more Source cves: CVE-2025-61783 Source advisory: OSV:GHSA-WV4W-6QV2-QQFG...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00081
Exploits: 0
vulnersOsv
added 2025/10/09 5:8 p.m., 2 views

argus-notification-msteams (=0.5.1), argus-server (>=1.0.0 <=1.22.1) +97 more potentially affected by CVE-2025-61783 via social-auth-app-django (>=5.0.0 <=5.4.3)

social-auth-app-django PYPI version =5.0.0, =1.0.0, =1.0.0, =4.14.0, =0.4.3, =0.8.7, =0.0.2a17, =1.0.0, =1.0.0, =1.2.0, =4.8.0, =0.0.2, =1.0.0, =1.1.0 and more Source cves: CVE-2025-61783 Source advisory: SNYK:PYTHON-SOCIALAUTHAPPDJANGO-13512562...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00081
Exploits: 0
CNNVD
added 2025/10/09 12:0 a.m., 2 views

Python Social Auth security vulnerability

Python Social Auth is an easy to set up social authentication/registration mechanism from Python Social Auth open source. Multiple frameworks and authentication providers are supported. A security vulnerability exists in Python Social Auth versions prior to 5.6.0, which stems from an unvalidated...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00081
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-1061

Malicious code in bioql PyPI...

CVSS: 4.9, AI score: 5.9, EPSS: 0.00257
Exploits: 0, References: 5
Tenable Nessus
added 2025/03/05 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-32879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB...

CVSS: 4.9, AI score: 6, EPSS: 0.00257
Exploits: 0, References: 3