Security Advisories - robrichards/xmlseclibs - Packagist

robrichards/xmlseclibs Security Advisories for 2.0.x-dev (3)

[MEDIUM] robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

PKSA-pcdf-qvqm-w4tv CVE-2025-66578 GHSA-c4cc-x928-vjw9

Affected version: <=3.1.3

Reported by:
GitHub
[HIGH] Critical signature bypass

PKSA-9qfh-kpgp-dw7t CVE-2019-3465 GHSA-pqm6-cgwr-x6pf

Affected version: >=1.0.0,<2.0.0|>=2.0.0,<2.1.1|>=3.0.0,<3.0.4

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Filter input to avoid XPath injection

PKSA-2f54-4t85-fzzg GHSA-2g98-f9jv-w8c5

Affected version: >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.0.2

Reported by:
GitHub, FriendsOfPHP/security-advisories