https://harpi.cc/tags/django/Recent content in Django on harpi - Security ResearcherHugoen-usTue, 07 Apr 2026 11:34:27 +0300https://harpi.cc/blog/cves/django-allauth/Thu, 21 Nov 2024 00:00:00 +0000https://harpi.cc/blog/cves/django-allauth/<blockquote> <p><em>&ldquo;The street finds its own uses for things.&rdquo;</em> — William Gibson</p></blockquote> <h2 id="how-i-got-here">How I Got Here</h2> <p>In late 2024 I scoped out an engagement for <a href="https://www.radicallyopensecurity.com/">Radically Open Security</a> targeting <a href="https://github.com/pennersr/django-allauth">django-allauth</a> — one of the most widely-used authentication libraries for Django. The audit was funded by <a href="https://nlnet.nl/project/django-allauth/">NLnet</a> as part of the NGI Zero Entrust programme, and focused on newly added features: Passkey WebAuthN support, login by code, email verification by code, and the <code>allauth.headless</code> API.</p>