[CRITICAL] Existing sessions are not correctly invalidated when a user changes their password

PKSA-fcyb-3n6p-v7sp CVE-2019-10641 GHSA-vcgg-hp4r-87gx

Affected version: >=3.0.0,<3.5.39

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] Cross-site scripting (XSS) vulnerability in the system log of the back end

PKSA-ftwh-331g-zg9s CVE-2018-10125 GHSA-pj4j-287j-f742

Affected version: >=3.0.0,<3.5.35

Reported by:
FriendsOfPHP/security-advisories, GitHub