An open index of dependabot pull requests across open source projects.

simplesamlphp/saml2

Ecosystem: packagist
Package URL: pkg:composer/simplesamlphp/saml2
Total PRs: 12 Dependabot PRs
Latest PR: 9 months ago
Unique Repositories: 8 repositories
Unique Repos (30 days): 0 repositories
Security Advisories
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
GHSA-pxm4-r5ph-q2m2 CVE-2024-52806 MODERATE published over 1 year ago • updated 22 days ago
Summary: When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://g...
SimpleSAMLphp saml2 incorrect signature validation
GHSA-g888-g2pp-82hf CVE-2018-7711 HIGH published about 4 years ago • updated about 21 hours ago
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities,...
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
GHSA-hhm8-2j4g-mpgg CVE-2018-6519 HIGH published about 4 years ago • updated 10 days ago
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability f...
SimpleSAMLphp Improper Verification of Cryptographic Signature
GHSA-923w-2xv2-7pr8 CVE-2018-7644 HIGH published about 4 years ago • updated 15 days ago
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a r...
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
GHSA-46r4-f8gj-xg56 CVE-2025-27773 HIGH published over 1 year ago • updated about 14 hours ago
Summary: There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect bindin...
Package Details
Name: simplesamlphp/saml2
Ecosystem: packagist
PURL Type: composer
Package URL: pkg:composer/simplesamlphp/saml2
Security Advisories
7 active advisories
CRITICAL 1
HIGH 5
MODERATE 1
Package Information
Description: SAML2 PHP library from SimpleSAMLphp

Repository: https://github.com/simplesamlphp/saml2
Homepage:
Latest Release: v5.0.1 (about 1 year ago)
Dependent Repos: 293
Dependent Packages: 35
Downloads: 14,873,174
Ranking: Top 0.5234% by dependent repos; Top 0.2269% by downloads; Top 0.6085% by dependent pkgs
PR Status
Open 3 (25.0%)
Merged 2 (16.7%)
Closed 6 (50.0%)
PR Types
Major 1 (8.3%)
Minor 4 (33.3%)
Patch 4 (33.3%)