Security Advisories - simplesamlphp/saml2 - Packagist

simplesamlphp/saml2 Security Advisories for v4.2.4 (2)

[HIGH] The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

PKSA-rxdv-j1j4-96fj CVE-2025-27773 GHSA-46r4-f8gj-xg56

Affected version: <=4.16.15|>=5.0.0-alpha.1,<=5.0.0-alpha.19

Reported by:
GitHub
[MEDIUM] SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

PKSA-1983-c8jn-trgm CVE-2024-52806 GHSA-pxm4-r5ph-q2m2

Affected version: <4.6.14

Reported by:
GitHub