NIXPKGS-2026-0563

GitHub issue published on 7 Mar 2026

Permalink CVE-2026-27982

updated 1 week ago by @mweinelt Activity log

Created automatic suggestion 1 week, 2 days ago
@mweinelt accepted 1 week ago
@mweinelt published on GitHub 1 week ago

An open redirect vulnerability exists in django-allauth versions prior to …

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.

References

Affected products

django-allauth

==prior to 65.14.1

Matching in nixpkgs

pkgs.python312Packages.django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication

nixos-25.11 65.12.0
- nixos-25.11-small 65.12.0
- nixpkgs-25.11-darwin 65.12.0

pkgs.python313Packages.django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication

nixos-unstable 65.14.3
- nixpkgs-unstable 65.14.3
- nixos-unstable-small 65.14.3
nixos-25.11 65.12.0
- nixos-25.11-small 65.12.0
- nixpkgs-25.11-darwin 65.12.0

pkgs.python314Packages.django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication

nixos-unstable 65.14.3
- nixpkgs-unstable 65.14.3
- nixos-unstable-small 65.14.3

Package maintainers

@DerDennisOP Dennis <dennish@wuitz.de>

https://allauth.org/news/2026/02/django-allauth-65.14.1-released/

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0563

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.django-allauth

pkgs.python313Packages.django-allauth

pkgs.python314Packages.django-allauth

Package maintainers