Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django-allauth@0.63.5
Typepypi
Namespace
Namedjango-allauth
Version0.63.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-35mh-1a8w-gfcb
vulnerability_id VCID-35mh-1a8w-gfcb
summary An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.
references
0
reference_url https://allauth.org/news/2025/10/django-allauth-65.13.0-released
reference_id
reference_type
scores
url https://allauth.org/news/2025/10/django-allauth-65.13.0-released
1
reference_url https://allauth.org/news/2025/10/django-allauth-65.13.0-released/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://allauth.org/news/2025/10/django-allauth-65.13.0-released/
2
reference_url https://codeberg.org/allauth/django-allauth
reference_id
reference_type
scores
url https://codeberg.org/allauth/django-allauth
3
reference_url https://github.com/pennersr/django-allauth/commit/39f4a4ce9c891795b00914ca5ec32de72d5369c0
reference_id
reference_type
scores
url https://github.com/pennersr/django-allauth/commit/39f4a4ce9c891795b00914ca5ec32de72d5369c0
4
reference_url https://github.com/pennersr/django-allauth/commit/c54edf947c5a1c8c4ff3cddb75c86000ecb2507d
reference_id
reference_type
scores
url https://github.com/pennersr/django-allauth/commit/c54edf947c5a1c8c4ff3cddb75c86000ecb2507d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65430
reference_id CVE-2025-65430
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-65430
6
reference_url https://github.com/advisories/GHSA-qhmc-3mvr-f2j4
reference_id GHSA-qhmc-3mvr-f2j4
reference_type
scores
url https://github.com/advisories/GHSA-qhmc-3mvr-f2j4
fixed_packages
0
url pkg:pypi/django-allauth@65.13.0
purl pkg:pypi/django-allauth@65.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gsy3-ym2x-afbd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-allauth@65.13.0
aliases CVE-2025-65430, GHSA-qhmc-3mvr-f2j4, PYSEC-2025-110
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35mh-1a8w-gfcb
1
url VCID-gsy3-ym2x-afbd
vulnerability_id VCID-gsy3-ym2x-afbd
summary An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.
references
0
reference_url https://allauth.org/news/2026/02/django-allauth-65.14.1-released
reference_id
reference_type
scores
url https://allauth.org/news/2026/02/django-allauth-65.14.1-released
1
reference_url https://allauth.org/news/2026/02/django-allauth-65.14.1-released/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://allauth.org/news/2026/02/django-allauth-65.14.1-released/
2
reference_url https://github.com/pennersr/django-allauth
reference_id
reference_type
scores
url https://github.com/pennersr/django-allauth
3
reference_url https://jvn.jp/en/jp/JVN23669411
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN23669411
4
reference_url https://jvn.jp/en/jp/JVN23669411/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://jvn.jp/en/jp/JVN23669411/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27982
reference_id CVE-2026-27982
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-27982
6
reference_url https://github.com/advisories/GHSA-2jpr-83rg-v67j
reference_id GHSA-2jpr-83rg-v67j
reference_type
scores
url https://github.com/advisories/GHSA-2jpr-83rg-v67j
fixed_packages
0
url pkg:pypi/django-allauth@65.14.1
purl pkg:pypi/django-allauth@65.14.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-allauth@65.14.1
aliases CVE-2026-27982, GHSA-2jpr-83rg-v67j, PYSEC-2026-56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsy3-ym2x-afbd
2
url VCID-tazq-wxea-t7d1
vulnerability_id VCID-tazq-wxea-t7d1
summary An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.
references
0
reference_url https://allauth.org/news/2025/10/django-allauth-65.13.0-released
reference_id
reference_type
scores
url https://allauth.org/news/2025/10/django-allauth-65.13.0-released
1
reference_url https://allauth.org/news/2025/10/django-allauth-65.13.0-released/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://allauth.org/news/2025/10/django-allauth-65.13.0-released/
2
reference_url https://codeberg.org/allauth/django-allauth
reference_id
reference_type
scores
url https://codeberg.org/allauth/django-allauth
3
reference_url https://github.com/pennersr/django-allauth/commit/8feef46e0e07b25fc5594c8f268afa247ebc3412
reference_id
reference_type
scores
url https://github.com/pennersr/django-allauth/commit/8feef46e0e07b25fc5594c8f268afa247ebc3412
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65431
reference_id CVE-2025-65431
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-65431
5
reference_url https://github.com/advisories/GHSA-8m3c-c723-h4p4
reference_id GHSA-8m3c-c723-h4p4
reference_type
scores
url https://github.com/advisories/GHSA-8m3c-c723-h4p4
fixed_packages
0
url pkg:pypi/django-allauth@65.13.0
purl pkg:pypi/django-allauth@65.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gsy3-ym2x-afbd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-allauth@65.13.0
aliases CVE-2025-65431, GHSA-8m3c-c723-h4p4, PYSEC-2025-111
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tazq-wxea-t7d1
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django-allauth@0.63.5