Security Advisories - simplesamlphp/saml2 - Packagist

simplesamlphp/saml2 Security Advisories for v2.3.6 (4)

[HIGH] The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

PKSA-rxdv-j1j4-96fj CVE-2025-27773 GHSA-46r4-f8gj-xg56

Affected version: <=4.16.15|>=5.0.0-alpha.1,<=5.0.0-alpha.19

Reported by:
GitHub
[MEDIUM] SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

PKSA-1983-c8jn-trgm CVE-2024-52806 GHSA-pxm4-r5ph-q2m2

Affected version: <4.6.14

Reported by:
GitHub
[HIGH] Incorrect signature validation

PKSA-vs15-drx5-pxpz CVE-2018-7711 GHSA-g888-g2pp-82hf

Affected version: <1.10.6|>=2.0,<2.3.8|>=3.0,<3.1.4

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Incorrect signature validation

PKSA-4sdq-zyfs-21dr CVE-2018-7644 GHSA-923w-2xv2-7pr8

Affected version: <1.10.5|>=2.0,<2.3.7|>=3.0,<3.1.3

Reported by:
GitHub, FriendsOfPHP/security-advisories