Nixpkgs security tracker

Untriaged

Permalink CVE-2026-27982

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

An open redirect vulnerability exists in django-allauth versions prior to …

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.

References

Affected products

django-allauth

==prior to 65.14.1

Matching in nixpkgs

pkgs.python312Packages.django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication

nixos-25.11 65.12.0
- nixos-25.11-small 65.12.0
- nixpkgs-25.11-darwin 65.12.0

pkgs.python313Packages.django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication

nixos-unstable 65.14.3
- nixpkgs-unstable 65.14.3
- nixos-unstable-small 65.14.3
nixos-25.11 65.12.0
- nixos-25.11-small 65.12.0
- nixpkgs-25.11-darwin 65.12.0

pkgs.python314Packages.django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication

nixos-unstable 65.14.3
- nixpkgs-unstable 65.14.3
- nixos-unstable-small 65.14.3

Package maintainers

@DerDennisOP Dennis <dennish@wuitz.de>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.django-allauth

pkgs.python313Packages.django-allauth

pkgs.python314Packages.django-allauth

Package maintainers