[HIGH] xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

PKSA-pr5h-1dpm-9x4k CVE-2026-32313 GHSA-4v26-v6cg-g6f9

Affected version: <3.1.5

Reported by:
GitHub

[MEDIUM] robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

PKSA-pcdf-qvqm-w4tv CVE-2025-66578 GHSA-c4cc-x928-vjw9

Affected version: <=3.1.3

Reported by:
GitHub

[HIGH] Critical signature bypass

PKSA-9qfh-kpgp-dw7t CVE-2019-3465 GHSA-pqm6-cgwr-x6pf

Affected version: >=1.0.0,<2.0.0|>=2.0.0,<2.1.1|>=3.0.0,<3.0.4

Reported by:
GitHub, FriendsOfPHP/security-advisories