VulnerableCode Package Details - pkg:pypi/django-allauth@0.2.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/django-allauth@0.2.0

Essentials
History (3)

purl	pkg:pypi/django-allauth@0.2.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-35mh-1a8w-gfcb Aliases: CVE-2025-65430 GHSA-qhmc-3mvr-f2j4 PYSEC-2025-110	An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.	65.13.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gsy3-ym2x-afbd Aliases: CVE-2026-27982 GHSA-2jpr-83rg-v67j PYSEC-2026-56	An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.	65.14.1 Affected by 0 other vulnerabilities.
VCID-tazq-wxea-t7d1 Aliases: CVE-2025-65431 GHSA-8m3c-c723-h4p4 PYSEC-2025-111	An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.	65.13.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:24:10.170593+00:00	Pypa Importer	Affected by	VCID-gsy3-ym2x-afbd	https://github.com/pypa/advisory-database/blob/main/vulns/django-allauth/PYSEC-2026-56.yaml	38.6.0
2026-06-02T04:23:33.490091+00:00	Pypa Importer	Affected by	VCID-tazq-wxea-t7d1	https://github.com/pypa/advisory-database/blob/main/vulns/django-allauth/PYSEC-2025-111.yaml	38.6.0
2026-06-02T04:23:32.870824+00:00	Pypa Importer	Affected by	VCID-35mh-1a8w-gfcb	https://github.com/pypa/advisory-database/blob/main/vulns/django-allauth/PYSEC-2025-110.yaml	38.6.0