PYSEC-2026-56

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django-allauth/PYSEC-2026-56.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-56
Aliases
Published
2026-03-05T06:16:30.100Z
Modified
2026-06-10T17:00:47.735647193Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.

References

Affected packages

PyPI / django-allauth

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
65.14.1

Affected versions

0.*
0.1.0
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.8.3
0.9.0
0.10.0
0.10.1
0.11.0
0.11.1
0.12.0
0.13.0
0.14.0
0.14.1
0.14.2
0.15.0
0.16.0
0.16.1
0.17.0
0.18.0
0.19.0
0.19.1
0.20.0
0.21.0
0.22.0
0.23.0
0.24.0
0.24.1
0.25.0
0.25.1
0.25.2
0.26.0
0.26.1
0.27.0
0.28.0
0.29.0
0.30.0
0.31.0
0.32.0
0.33.0
0.34.0
0.35.0
0.36.0
0.37.0
0.37.1
0.38.0
0.39.0
0.39.1
0.40.0
0.41.0
0.42.0
0.43.0
0.44.0
0.45.0
0.46.0
0.47.0
0.48.0
0.49.0
0.50.0
0.51.0
0.52.0
0.53.0
0.53.1
0.54.0
0.55.0
0.55.1
0.55.2
0.56.0
0.56.1
0.57.0
0.57.1
0.57.2
0.58.0
0.58.1
0.58.2
0.59.0
0.60.0
0.60.1
0.61.0
0.61.1
0.62.0
0.62.1
0.63.0
0.63.1
0.63.2
0.63.3
0.63.4
0.63.5
0.63.6
64.*
64.0.0
64.1.0
64.2.0
64.2.1
65.*
65.0.0
65.0.1
65.0.2
65.1.0
65.2.0
65.3.0
65.3.1
65.4.0
65.4.1
65.5.0
65.6.0
65.7.0
65.8.0
65.8.1
65.9.0
65.10.0
65.11.0
65.11.1
65.11.2
65.12.0
65.12.1
65.13.0
65.13.1
65.14.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/django-allauth/PYSEC-2026-56.yaml"