Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/django-allauth@64.2.0
purl pkg:pypi/django-allauth@64.2.0
Next non-vulnerable version 65.14.1
Latest non-vulnerable version 65.14.1
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-1g8e-3rtr-m7cs
Aliases:
CVE-2026-27982
GHSA-2jpr-83rg-v67j
PYSEC-2026-56
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.
65.14.1
Affected by 0 other vulnerabilities.
VCID-g6t2-anwq-rkdf
Aliases:
CVE-2025-65430
GHSA-qhmc-3mvr-f2j4
PYSEC-2025-110
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.
65.13.0
Affected by 1 other vulnerability.
VCID-h9mg-uub3-8qhb
Aliases:
CVE-2025-65431
GHSA-8m3c-c723-h4p4
PYSEC-2025-111
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.
65.13.0
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T21:18:13.485315+00:00 GitLab Importer Affected by VCID-1g8e-3rtr-m7cs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/django-allauth/CVE-2026-27982.yml 38.6.0
2026-06-12T20:40:18.712195+00:00 GitLab Importer Affected by VCID-g6t2-anwq-rkdf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/django-allauth/CVE-2025-65430.yml 38.6.0
2026-06-12T20:40:16.806759+00:00 GitLab Importer Affected by VCID-h9mg-uub3-8qhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/django-allauth/CVE-2025-65431.yml 38.6.0
2026-06-12T04:21:09.558954+00:00 Pypa Importer Affected by VCID-1g8e-3rtr-m7cs https://github.com/pypa/advisory-database/blob/main/vulns/django-allauth/PYSEC-2026-56.yaml 38.6.0
2026-06-12T04:20:37.463894+00:00 Pypa Importer Affected by VCID-h9mg-uub3-8qhb https://github.com/pypa/advisory-database/blob/main/vulns/django-allauth/PYSEC-2025-111.yaml 38.6.0
2026-06-12T04:20:37.001026+00:00 Pypa Importer Affected by VCID-g6t2-anwq-rkdf https://github.com/pypa/advisory-database/blob/main/vulns/django-allauth/PYSEC-2025-110.yaml 38.6.0
2026-06-11T21:05:17.671624+00:00 PyPI Importer Affected by VCID-1g8e-3rtr-m7cs https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-11T21:04:40.827880+00:00 PyPI Importer Affected by VCID-h9mg-uub3-8qhb https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-11T21:04:40.313793+00:00 PyPI Importer Affected by VCID-g6t2-anwq-rkdf https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0