Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/151155?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/151155?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1", "type": "composer", "namespace": "simplesamlphp", "name": "simplesamlphp", "version": "1.15.0-rc1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.18.6", "latest_non_vulnerable_version": "2.3.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39369?format=api", "vulnerability_id": "VCID-4gux-4jrc-w7ce", "summary": "URL Redirection to Untrusted Site (Open Redirect)\n`SimpleSAMLphp` allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37218", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6520" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6520.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6520.yaml" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp/issues/1473", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp/issues/1473" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6520", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6520" }, { "reference_url": "https://simplesamlphp.org/security/201801-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://simplesamlphp.org/security/201801-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54979?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.15.2" } ], "aliases": [ "CVE-2018-6520", "GHSA-2qfc-48v5-4w5h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gux-4jrc-w7ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52533?format=api", "vulnerability_id": "VCID-6fwf-1xps-t7g5", "summary": "Information Exposure\nSimpleSAMLphp contain an information disclosure vulnerability. The module controller in `SimpleSAML\\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists, it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34064", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5301" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2020-5301.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2020-5301.yaml" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq" }, { "reference_url": "https://simplesamlphp.org/security/202004-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://simplesamlphp.org/security/202004-01" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5301", "reference_id": "CVE-2020-5301", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5301" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77140?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.18.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.18.6" } ], "aliases": [ "CVE-2020-5301", "GHSA-24m3-w8g9-jwpq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fwf-1xps-t7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41159?format=api", "vulnerability_id": "VCID-d1cm-xhdp-8qhv", "summary": "Cross-site Scripting\nReflected Cross-Site-Scripting in simplesamlphp.", "references": [ { "reference_url": "https://simplesamlphp.org/security/201907-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://simplesamlphp.org/security/201907-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58293?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-8w1y-praq-2bb2" }, { "vulnerability": "VCID-pecs-5zkn-6qfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.17.0" } ], "aliases": [ "GMS-2019-149" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1cm-xhdp-8qhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39368?format=api", "vulnerability_id": "VCID-ywuy-my3f-x7cd", "summary": "Security Misconfigurations\nThe sqlauth module in `SimpleSAMLphp` relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6521", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69429", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6521" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6521.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6521.yaml" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6521", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6521" }, { "reference_url": "https://simplesamlphp.org/security/201801-03", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://simplesamlphp.org/security/201801-03" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4127", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54979?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.15.2" } ], "aliases": [ "CVE-2018-6521", "GHSA-qv5p-6wrc-79wg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywuy-my3f-x7cd" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39108?format=api", "vulnerability_id": "VCID-cmqz-hp34-8kcx", "summary": "Improper Certificate Validation\nSignature validation bypass in simplesamlphp.", "references": [ { "reference_url": "https://simplesamlphp.org/security/201710-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://simplesamlphp.org/security/201710-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54606?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/151155?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1" } ], "aliases": [ "201710-01" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmqz-hp34-8kcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38799?format=api", "vulnerability_id": "VCID-dgs2-3xbu-c3ff", "summary": "Information Exposure\nThe `SimpleSAML_Session` class in SimpleSAMLphp allows remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.61277", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12872" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12872.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12872.yaml" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp/commit/b72c79e3070f930d758f5c269333d63ed7509e2e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp/commit/b72c79e3070f930d758f5c269333d63ed7509e2e" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00017.html" }, { "reference_url": "https://simplesamlphp.org/security/201703-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://simplesamlphp.org/security/201703-01" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12872", "reference_id": "CVE-2017-12872", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54042?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/151155?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1" } ], "aliases": [ "CVE-2017-12872", "GHSA-v882-949x-6v28" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgs2-3xbu-c3ff" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1" }