OPENSUSE-SU-2026:10681-1 python311-social-auth-core-4.8.7-1.1 on GA media
These are all security issues fixed in the python311-social-auth-core-4.8.7-1.1 package on the GA media of openSUSE Tumbleweed...
python311-social-auth-app-django-5.7.0-1.1 on GA media (moderate)
python311-social-auth-app-django-5.7.0-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10499-1. Rating: moderate. Cross-References: CVE-2025-61783. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed ...
CVE-2019-18933
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an...
EUVD-2025-203016
The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
Authentication Bypass by Spoofing
Overview: social-auth-app-django is a Python Social Authentication, Django integration. Affected versions of this package are vulnerable to Authentication Bypass by Spoofing. An attacker can gain unauthorized access to user accounts by exploiting improper association by email when a third-party...
EUVD-2019-8606
Malware in sbrugna...
python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django
A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match...
CVE-2024-32879
Python Social Auth Django contains a vulnerability (CVE-2024-32879) where third-party authentication user IDs are not case-sensitive due to the database collation before version 5.4.1, allowing mismatched IDs to be treated as equal. The issue is mitigated by upgrading to 5.4.1, which fixes the im...
GHSA-2GR8-3WC7-XHJ3 social-auth-app-django affected by Improper Handling of Case Sensitivity
Impact: Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. Patches: This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix...
Glassdoor: Full account takeover without user Interaction
A vulnerability in the email verification process allowed bypassing of email validation checks. An attacker could manipulate the API response to change the isValidated parameter, enabling registration of accounts with unregistered email addresses and verification without legitimate access to the...
Authentication flaw
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an...
Spring Social Java Library Social Authentication Vulnerability
A nasty cross-site request forgery vulnerability was patched Thursday in the Spring Social core library, one of the most pervasive Java application libraries. Spring Social facilitates social authentication between applications and online services, and the vulnerability allowed attackers to bypas...
Facebook Issues Security Updates for Mobile App
The Facebook security team is adding some new security features to the social network’s mobile applications, including upgrades to the login mechanism and account recovery options. The first addition is an update to Facebook’s existing login approval mechanism, which they are calling ‘code...
Facebook: You Should Only Friend People You Know. Seriously. We're Not Kidding.
After a string of controversies over promiscuous data sharing and account takeovers, social networking giant Facebook has released a 13-page guide for users who want to secure their Facebook account. Among other things, the 700-million-strong social network is warning its users to only “Friend”...
Facebook Used Social Authentication To Shield Tunisian Protesters
Faced with the Tunisian government’s efforts to hack the Facebook accounts of protesters, Facebook’s security team stepped up its use of social authentication to help secure protesters’ accounts. A new account of the role of Facebook in aiding widespread protests against the regime in Tunisia...