Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

simplesamlphp/saml2

Ecosystem:
packagist
Package URL:
pkg:composer/simplesamlphp/saml2
Total PRs:
12 Dependabot PRs
Latest PR:
9 months ago
Unique Repositories:
8 repositories
Unique Repos (30 days):
0 repositories
Security Advisories
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
GHSA-pxm4-r5ph-q2m2 CVE-2024-52806 MODERATE published over 1 year ago • updated 20 days ago
Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://g...
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
GHSA-hhm8-2j4g-mpgg CVE-2018-6519 HIGH published about 4 years ago • updated 8 days ago
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability f...
SimpleSAMLphp Improper Verification of Cryptographic Signature
GHSA-923w-2xv2-7pr8 CVE-2018-7644 HIGH published about 4 years ago • updated 14 days ago
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a r...
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
GHSA-46r4-f8gj-xg56 CVE-2025-27773 HIGH published over 1 year ago • updated about 15 hours ago
### Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect bindin...
SimpleSAMLphp SAML2 spoof SAML responses
GHSA-r8v4-7vwj-983x CVE-2016-9814 CRITICAL published about 4 years ago • updated 8 days ago
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1...
View all 7 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
build(deps): bump the production-dependencies group across 1 directory with 10 updates

Harshit0726/simplesamlphp #16

5.0.0-alpha.21 → 5.0.4 Patch PR
Closed 9 months ago 1 comment
Harshit0726
build(deps): bump the production-dependencies group across 1 directory with 10 updates

Harshit0726/simplesamlphp #13

5.0.0-alpha.21 → 5.0.2 Patch PR
Open 9 months ago
Harshit0726
build(deps): bump the production-dependencies group across 1 directory with 9 updates

Harshit0726/simplesamlphp #11

5.0.0-alpha.21 → 5.0.2 Patch PR
Closed 10 months ago 1 comment
Harshit0726
build(deps): bump the production-dependencies group with 9 updates

Harshit0726/simplesamlphp #1

5.0.0-alpha.21 → 5.0.2 Patch PR
Closed 11 months ago 1 comment
Harshit0726
Package Details
Name: simplesamlphp/saml2
Ecosystem: packagist
PURL Type: composer
Package URL: pkg:composer/simplesamlphp/saml2
JSON API: View JSON
Security Advisories

7

Active advisories
CRITICAL 1
HIGH 5
MODERATE 1
View All composer Advisories
Package Information
Description:

SAML2 PHP library from SimpleSAMLphp

Repository: https://github.com/simplesamlphp/saml2
Homepage:
Latest Release: v5.0.1
about 1 year ago
Dependent Repos: 293
Dependent Packages: 35
Downloads: 14,873,174
Ranking: Top 0.5234% by dependent repos Top 0.2269% by downloads Top 0.6085% by dependent pkgs
PR Status
Open 3 (25.0%)
Merged 2 (16.7%)
Closed 6 (50.0%)
PR Types
Major 1 (8.3%)
Minor 4 (33.3%)
Patch 4 (33.3%)