team-alembic CVE Vulnerabilities & CVE List (2)

Products (CPE): — CVEs: 2

team-alembic vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to team-alembic, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 12 of 2 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-49757 Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address (an upsert on the email field, or a user-defined sign-in filter) rather than by the OpenID Connect iss/sub claim combination. Per OpenID Connect Core §5.7, only iss/sub uniquely and stably identifies an end-user; other claims, including email, MUST NOT be use 6b3ad84c-e1a6-4bf7-a703-f496b71e49db 9.2 0.56% 2026-06-15 2026-06-17
CVE-2025-4754 Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0. 6b3ad84c-e1a6-4bf7-a703-f496b71e49db 2.3 0.40% 2025-06-17 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence