simplesamlphp/saml2 Security Advisories (7)
-
[HIGH] The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
PKSA-rxdv-j1j4-96fj CVE-2025-27773 GHSA-46r4-f8gj-xg56
Affected version: <=4.16.15|>=5.0.0-alpha.1,<=5.0.0-alpha.19
Reported by:
GitHub -
[MEDIUM] SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
PKSA-1983-c8jn-trgm CVE-2024-52806 GHSA-pxm4-r5ph-q2m2
Affected version: <4.6.14
Reported by:
GitHub -
[HIGH] Validation of SignedInfo
PKSA-c17n-yzdt-bpbs CVE-2023-49087 GHSA-ww7x-3gxh-qm6r
Affected version: =5.0.0-alpha.12
Reported by:
GitHub -
[HIGH] Incorrect signature validation
PKSA-vs15-drx5-pxpz CVE-2018-7711 GHSA-g888-g2pp-82hf
Affected version: <1.10.6|>=2.0,<2.3.8|>=3.0,<3.1.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Incorrect signature validation
PKSA-4sdq-zyfs-21dr CVE-2018-7644 GHSA-923w-2xv2-7pr8
Affected version: <1.10.5|>=2.0,<2.3.7|>=3.0,<3.1.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Denial of Service in timestamp validation function
PKSA-zg8j-dc1q-jp8v CVE-2018-6519 GHSA-hhm8-2j4g-mpgg
Affected version: <1.10.4|>=2.0,<2.3.5|>=3.0,<3.1.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Incorrect signature verification
PKSA-p9s6-dthp-ws2d CVE-2016-9814 GHSA-r8v4-7vwj-983x
Affected version: <1.8.1|>=1.9.0,<1.9.1|>=1.10,<1.10.3|>=2.0,<2.3.3
Reported by:
GitHub, FriendsOfPHP/security-advisories