[HIGH] The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

PKSA-f546-f49f-cw9s CVE-2025-27773 GHSA-46r4-f8gj-xg56

Affected version: <=4.16.15

Reported by:
GitHub

[MEDIUM] SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

PKSA-mvk4-j13p-n98v CVE-2024-52806 GHSA-pxm4-r5ph-q2m2

Affected version: <4.6.14

Reported by:
GitHub