simplesamlphp/saml2
Ecosystem:
packagist
Package URL:
pkg:composer/simplesamlphp/saml2
Total PRs:
11 Dependabot PRs
Latest PR:
5 months ago
Unique Repositories:
7 repositories
Unique Repos (30 days):
0 repositories
Security Advisories
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
GHSA-46r4-f8gj-xg56
CVE-2025-27773
HIGH
published 12 months ago
• updated about 1 hour ago
Summary
There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect bindin...
Validation of SignedInfo
GHSA-ww7x-3gxh-qm6r
CVE-2023-49087
HIGH
published about 2 years ago
• updated 2 days ago
Validation of an XML Signature requires verification that the hash value of the related XML-document (after any optional transformations and/or nor...
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
GHSA-hhm8-2j4g-mpgg
CVE-2018-6519
HIGH
published almost 4 years ago
• updated 3 days ago
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability f...
SimpleSAMLphp Improper Verification of Cryptographic Signature
GHSA-923w-2xv2-7pr8
CVE-2018-7644
HIGH
published almost 4 years ago
• updated about 18 hours ago
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a r...
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
GHSA-pxm4-r5ph-q2m2
CVE-2024-52806
MODERATE
published about 1 year ago
• updated 2 days ago
Summary
When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.
$options is defined as: https://g...
Recent PRs
build(deps): bump the production-dependencies group across 1 directory with 10 updates
5.0.0-alpha.21 → 5.0.4
Patch PR
Closed
5 months ago
1 comment
build(deps): bump the production-dependencies group across 1 directory with 10 updates
5.0.0-alpha.21 → 5.0.2
Patch PR
Open
6 months ago
build(deps): bump the production-dependencies group across 1 directory with 9 updates
5.0.0-alpha.21 → 5.0.2
Patch PR
Closed
6 months ago
1 comment
build(deps): bump the production-dependencies group with 9 updates
5.0.0-alpha.21 → 5.0.2
Patch PR
Closed
8 months ago
1 comment
Bump simplesamlphp/saml2 from 4.17.0 to 5.0.1
teamforus/forus-backend #2602
4.17.0 → 5.0.1
Major PR
Open
9 months ago
1 comment
Update simplesamlphp/saml2 requirement from ^4.6 to ^5.0 in the production-dependencies group
simplesamlphp/simplesamlphp-module-metaedit #10
^4.6 → ^5.0
Closed
10 months ago
1 comment
Bump simplesamlphp/saml2 from 4.16.14 to 4.17.0
OpenConext/Stepup-RA #439
4.16.14 → 4.17.0
Minor PR
Merged
12 months ago
Bump simplesamlphp/saml2 from 4.16.14 to 4.17.0
OpenConext/Stepup-Middleware #533
4.16.14 → 4.17.0
Minor PR
Closed
12 months ago
2 comments
Bump simplesamlphp/saml2 from 4.16.14 to 4.17.0
OpenConext/Stepup-AzureMFA #180
4.16.14 → 4.17.0
Minor PR
Open
12 months ago
2 comments
Package Details
| Name: | simplesamlphp/saml2 |
| Ecosystem: | packagist |
| PURL Type: | composer |
| Package URL: | pkg:composer/simplesamlphp/saml2 |
Package Information
Description:
SAML2 PHP library from SimpleSAMLphp
| Repository: | https://github.com/simplesamlphp/saml2 |
| Homepage: | |
| Latest Release: | v5.0.1 (10 months ago) |
| Dependent Repos: | 293 |
| Dependent Packages: | 35 |
| Downloads: | 14,873,174 |
| Ranking: | Top 0.5234% by dependent repos; Top 0.2269% by downloads; Top 0.6085% by dependent pkgs |