Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

simplesamlphp/saml2

Ecosystem:
packagist
Package URL:
pkg:composer/simplesamlphp/saml2
Total PRs:
11 Dependabot PRs
Latest PR:
5 months ago
Unique Repositories:
7 repositories
Unique Repos (30 days):
0 repositories
Security Advisories
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
GHSA-46r4-f8gj-xg56 CVE-2025-27773 HIGH published 12 months ago • updated about 2 hours ago
### Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect bindin...
Validation of SignedInfo
GHSA-ww7x-3gxh-qm6r CVE-2023-49087 HIGH published about 2 years ago • updated 3 days ago
Validation of an XML Signature requires verification that the hash value of the related XML-document (after any optional transformations and/or nor...
SimpleSAMLphp Improper Verification of Cryptographic Signature
GHSA-923w-2xv2-7pr8 CVE-2018-7644 HIGH published almost 4 years ago • updated about 5 hours ago
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a r...
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
GHSA-pxm4-r5ph-q2m2 CVE-2024-52806 MODERATE published about 1 year ago • updated 3 days ago
Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://g...
SimpleSAMLphp SAML2 spoof SAML responses
GHSA-r8v4-7vwj-983x CVE-2016-9814 CRITICAL published almost 4 years ago • updated 3 days ago
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1...
View all 7 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
build(deps): bump the production-dependencies group across 1 directory with 10 updates

Harshit0726/simplesamlphp #16

5.0.0-alpha.21 → 5.0.4 Patch PR
Closed 5 months ago 1 comment
Harshit0726
build(deps): bump the production-dependencies group across 1 directory with 10 updates

Harshit0726/simplesamlphp #13

5.0.0-alpha.21 → 5.0.2 Patch PR
Open 6 months ago
Harshit0726
build(deps): bump the production-dependencies group across 1 directory with 9 updates

Harshit0726/simplesamlphp #11

5.0.0-alpha.21 → 5.0.2 Patch PR
Closed 6 months ago 1 comment
Harshit0726
build(deps): bump the production-dependencies group with 9 updates

Harshit0726/simplesamlphp #1

5.0.0-alpha.21 → 5.0.2 Patch PR
Closed 8 months ago 1 comment
Harshit0726
Package Details
Name: simplesamlphp/saml2
Ecosystem: packagist
PURL Type: composer
Package URL: pkg:composer/simplesamlphp/saml2
JSON API: View JSON
Security Advisories

7

Active advisories
CRITICAL 1
HIGH 5
MODERATE 1
View All composer Advisories
Package Information
Description:

SAML2 PHP library from SimpleSAMLphp

Repository: https://github.com/simplesamlphp/saml2
Homepage:
Latest Release: v5.0.1
10 months ago
Dependent Repos: 293
Dependent Packages: 35
Downloads: 14,873,174
Ranking: Top 0.5234% by dependent repos Top 0.2269% by downloads Top 0.6085% by dependent pkgs
PR Status
Open 3 (27.3%)
Merged 2 (18.2%)
Closed 5 (45.5%)
PR Types
Minor 3 (27.3%)
Major 1 (9.1%)
Patch 4 (36.4%)