GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
samlify SAML Signature Wrapping attack
Critical
CVE-2025-47949
was published
for
samlify
(npm)
May 19, 2025
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
High
CVE-2025-27773
was published
for
simplesamlphp/saml2
(Composer)
Mar 11, 2025
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
Critical
CVE-2025-25291
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Critical
CVE-2025-29775
was published
for
xml-crypto
(npm)
Mar 14, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Critical
CVE-2025-29774
was published
for
xml-crypto
(npm)
Mar 14, 2025
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate
CVE-2024-52806
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
SimpleSAMLphp xml-common XXE vulnerability
High
CVE-2024-52596
was published
for
simplesamlphp/xml-common
(Composer)
Dec 2, 2024
SimpleSAMLphp vulnerable to XXE in parsing SAML messages
High
GHSA-j5g2-q29x-cw3h
was published
for
simplesamlphp/simplesamlphp
(Composer)
Dec 2, 2024
•
withdrawn
SSOReady has an XML Signature Bypass via differential XML parsing
Critical
CVE-2024-47832
was published
for
github.com/ssoready/ssoready
(Go)
Oct 11, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Critical
GHSA-cvp8-5r8g-fhvq
was published
for
omniauth-saml
(RubyGems)
Sep 11, 2024
SAML authentication bypass via Incorrect XPath selector
Critical
CVE-2024-45409
was published
for
ruby-saml
(RubyGems)
Sep 10, 2024
ProTip!
Advisories are also available from the
GraphQL API