VulnerableCode Package Details - pkg:pypi/social-auth-app-django@3.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-29us-aw5a-suc4 Aliases: CVE-2025-61783 GHSA-wv4w-6qv2-qqfg	Python Social Auth - Django has unsafe account association Upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses.	5.6.0 Affected by 0 other vulnerabilities.
VCID-4ct3-hxkg-63gv Aliases: CVE-2024-32879 GHSA-2gr8-3wc7-xhj3	social-auth-app-django affected by Improper Handling of Case Sensitivity ### Impact Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. ### Patches This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix released in 5.4.1. ### Workarounds An immediate workaround would be to change collation of the affected field: ```mysql ALTER TABLE `social_auth_usersocialauth` MODIFY `uid` varchar(255) COLLATE `utf8_bin`; ``` ### References This issue was discovered by folks at https://opencraft.com/.	5.4.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-29us-aw5a-suc4
Aliases:
CVE-2025-61783
GHSA-wv4w-6qv2-qqfg

Python Social Auth - Django has unsafe account association Upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses.

5.6.0
Affected by 0 other vulnerabilities.

VCID-4ct3-hxkg-63gv
Aliases:
CVE-2024-32879
GHSA-2gr8-3wc7-xhj3

social-auth-app-django affected by Improper Handling of Case Sensitivity ### Impact Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. ### Patches This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix released in 5.4.1. ### Workarounds An immediate workaround would be to change collation of the affected field: ```mysql ALTER TABLE `social_auth_usersocialauth` MODIFY `uid` varchar(255) COLLATE `utf8_bin`; ``` ### References This issue was discovered by folks at https://opencraft.com/.

5.4.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:47:15.483811+00:00	GitLab Importer	Affected by	VCID-29us-aw5a-suc4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/social-auth-app-django/CVE-2025-61783.yml	38.4.0
2026-04-16T22:56:47.655758+00:00	GitLab Importer	Affected by	VCID-4ct3-hxkg-63gv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/social-auth-app-django/CVE-2024-32879.yml	38.4.0
2026-04-12T01:08:29.305368+00:00	GitLab Importer	Affected by	VCID-29us-aw5a-suc4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/social-auth-app-django/CVE-2025-61783.yml	38.3.0
2026-04-12T00:15:07.240932+00:00	GitLab Importer	Affected by	VCID-4ct3-hxkg-63gv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/social-auth-app-django/CVE-2024-32879.yml	38.3.0
2026-04-03T01:17:10.100081+00:00	GitLab Importer	Affected by	VCID-29us-aw5a-suc4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/social-auth-app-django/CVE-2025-61783.yml	38.1.0
2026-04-03T00:21:49.141179+00:00	GitLab Importer	Affected by	VCID-4ct3-hxkg-63gv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/social-auth-app-django/CVE-2024-32879.yml	38.1.0