Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/simplesamlphp/saml2@1.5.4
Typecomposer
Namespacesimplesamlphp
Namesaml2
Version1.5.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.17.0
Latest_non_vulnerable_version4.17.0
Affected_by_vulnerabilities
0
url VCID-139j-7afy-wyf1
vulnerability_id VCID-139j-7afy-wyf1
summary 
Improper Input Validation
Rob Richards XmlSecLibs, as used for example by SimpleSAMLphp, performs incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3465
reference_id
reference_type
scores
0
value 0.01873
scoring_system epss
scoring_elements 0.83485
published_at 2026-06-05T12:55:00Z
1
value 0.01873
scoring_system epss
scoring_elements 0.83474
published_at 2026-06-08T12:55:00Z
2
value 0.01873
scoring_system epss
scoring_elements 0.8346
published_at 2026-06-04T12:55:00Z
3
value 0.01873
scoring_system epss
scoring_elements 0.83483
published_at 2026-06-07T12:55:00Z
4
value 0.01873
scoring_system epss
scoring_elements 0.83487
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3465
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3465
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/robrichards/xmlseclibs/CVE-2019-3465.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/robrichards/xmlseclibs/CVE-2019-3465.yaml
3
reference_url https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5
4
reference_url https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/
23
reference_url https://seclists.org/bugtraq/2019/Nov/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Nov/8
24
reference_url https://simplesamlphp.org/security/201911-01
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201911-01
25
reference_url https://www.debian.org/security/2019/dsa-4560
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4560
26
reference_url https://www.tenable.com/security/tns-2019-09
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2019-09
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944107
reference_id 944107
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944107
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3465
reference_id CVE-2019-3465
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3465
29
reference_url https://github.com/advisories/GHSA-pqm6-cgwr-x6pf
reference_id GHSA-pqm6-cgwr-x6pf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pqm6-cgwr-x6pf
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@2.0.0
purl pkg:composer/simplesamlphp/saml2@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
1
vulnerability VCID-8b8r-g7e2-qfb2
2
vulnerability VCID-ma9b-k5br-ffhd
3
vulnerability VCID-ucwf-xdma-h7fc
4
vulnerability VCID-v3bx-f3um-8ubc
5
vulnerability VCID-wbt9-snjj-uuea
6
vulnerability VCID-xx6m-pvgs-puga
7
vulnerability VCID-zemd-kbb3-s3cr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.0.0
aliases CVE-2019-3465, GHSA-pqm6-cgwr-x6pf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-139j-7afy-wyf1
1
url VCID-6c55-4pyx-ckbx
vulnerability_id VCID-6c55-4pyx-ckbx
summary 
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message.

I believe that it exists for v4 only. I have not yet developed a PoC.

V5 is well designed and instead builds the signed query from the same message that will be consumed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27773
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36188
published_at 2026-06-08T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36226
published_at 2026-06-07T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.36263
published_at 2026-06-06T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.36254
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27773
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27773
2
reference_url https://github.com/simplesamlphp/saml2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/saml2
3
reference_url https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/
url https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113
4
reference_url https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/
url https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217
5
reference_url https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/
url https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0
6
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00013.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00013.html
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100595
reference_id 1100595
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100595
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27773
reference_id CVE-2025-27773
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27773
9
reference_url https://github.com/advisories/GHSA-46r4-f8gj-xg56
reference_id GHSA-46r4-f8gj-xg56
reference_type
scores
url https://github.com/advisories/GHSA-46r4-f8gj-xg56
10
reference_url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56
reference_id GHSA-46r4-f8gj-xg56
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/
url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@4.17.0
purl pkg:composer/simplesamlphp/saml2@4.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.17.0
1
url pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20
purl pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20
aliases CVE-2025-27773, GHSA-46r4-f8gj-xg56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c55-4pyx-ckbx
2
url VCID-8b8r-g7e2-qfb2
vulnerability_id VCID-8b8r-g7e2-qfb2
summary 
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Summary

When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52806
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.39843
published_at 2026-06-05T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.39793
published_at 2026-06-08T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.3982
published_at 2026-06-07T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.39846
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52806
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52806
2
reference_url https://github.com/simplesamlphp/saml2
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/saml2
3
reference_url https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T19:10:45Z/
url https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
reference_id 1088904
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52806
reference_id CVE-2024-52806
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52806
6
reference_url https://github.com/advisories/GHSA-pxm4-r5ph-q2m2
reference_id GHSA-pxm4-r5ph-q2m2
reference_type
scores
url https://github.com/advisories/GHSA-pxm4-r5ph-q2m2
7
reference_url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2
reference_id GHSA-pxm4-r5ph-q2m2
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T19:10:45Z/
url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@4.6.14
purl pkg:composer/simplesamlphp/saml2@4.6.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.6.14
aliases CVE-2024-52806, GHSA-pxm4-r5ph-q2m2
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8b8r-g7e2-qfb2
3
url VCID-ma9b-k5br-ffhd
vulnerability_id VCID-ma9b-k5br-ffhd
summary 
SimpleSAMLphp xml-common XXE vulnerability
When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52596
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44482
published_at 2026-06-08T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44516
published_at 2026-06-07T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44538
published_at 2026-06-06T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44529
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52596
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52596
2
reference_url https://github.com/simplesamlphp/xml-common
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/xml-common
3
reference_url https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T18:32:34Z/
url https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
4
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
reference_id 1088904
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
reference_id CVE-2024-52596
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
7
reference_url https://github.com/advisories/GHSA-2x65-fpch-2fcm
reference_id GHSA-2x65-fpch-2fcm
reference_type
scores
url https://github.com/advisories/GHSA-2x65-fpch-2fcm
8
reference_url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
reference_id GHSA-2x65-fpch-2fcm
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T18:32:34Z/
url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@4.6.14
purl pkg:composer/simplesamlphp/saml2@4.6.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.6.14
aliases CVE-2024-52596, GHSA-2x65-fpch-2fcm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ma9b-k5br-ffhd
4
url VCID-ucwf-xdma-h7fc
vulnerability_id VCID-ucwf-xdma-h7fc
summary 
Injection Vulnerability
The SAML2 library in `SimpleSAMLphp` has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6519
reference_id
reference_type
scores
0
value 0.00467
scoring_system epss
scoring_elements 0.64799
published_at 2026-06-04T12:55:00Z
1
value 0.00467
scoring_system epss
scoring_elements 0.64829
published_at 2026-06-08T12:55:00Z
2
value 0.00467
scoring_system epss
scoring_elements 0.6484
published_at 2026-06-07T12:55:00Z
3
value 0.00467
scoring_system epss
scoring_elements 0.64851
published_at 2026-06-06T12:55:00Z
4
value 0.00467
scoring_system epss
scoring_elements 0.64841
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6519
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-6519.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-6519.yaml
11
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6519
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6519
13
reference_url https://simplesamlphp.org/security/201801-01
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201801-01
14
reference_url https://www.debian.org/security/2018/dsa-4127
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4127
15
reference_url https://github.com/advisories/GHSA-hhm8-2j4g-mpgg
reference_id GHSA-hhm8-2j4g-mpgg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhm8-2j4g-mpgg
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.10.4
purl pkg:composer/simplesamlphp/saml2@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-139j-7afy-wyf1
1
vulnerability VCID-6c55-4pyx-ckbx
2
vulnerability VCID-8b8r-g7e2-qfb2
3
vulnerability VCID-ma9b-k5br-ffhd
4
vulnerability VCID-wbt9-snjj-uuea
5
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.4
1
url pkg:composer/simplesamlphp/saml2@2.3.5
purl pkg:composer/simplesamlphp/saml2@2.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
1
vulnerability VCID-8b8r-g7e2-qfb2
2
vulnerability VCID-ma9b-k5br-ffhd
3
vulnerability VCID-v3bx-f3um-8ubc
4
vulnerability VCID-wbt9-snjj-uuea
5
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.5
2
url pkg:composer/simplesamlphp/saml2@3.1.1
purl pkg:composer/simplesamlphp/saml2@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
1
vulnerability VCID-8b8r-g7e2-qfb2
2
vulnerability VCID-ma9b-k5br-ffhd
3
vulnerability VCID-wbt9-snjj-uuea
4
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.1
aliases CVE-2018-6519, GHSA-hhm8-2j4g-mpgg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ucwf-xdma-h7fc
5
url VCID-wbt9-snjj-uuea
vulnerability_id VCID-wbt9-snjj-uuea
summary 
Improper signature validation
The `XmlSecLibs` library as used in the saml2 library in SimpleSAMLphp incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7644
reference_id
reference_type
scores
0
value 0.00213
scoring_system epss
scoring_elements 0.43902
published_at 2026-06-05T12:55:00Z
1
value 0.00213
scoring_system epss
scoring_elements 0.4385
published_at 2026-06-08T12:55:00Z
2
value 0.00213
scoring_system epss
scoring_elements 0.43885
published_at 2026-06-07T12:55:00Z
3
value 0.00213
scoring_system epss
scoring_elements 0.4391
published_at 2026-06-06T12:55:00Z
4
value 0.00213
scoring_system epss
scoring_elements 0.43832
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7644
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7644.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7644.yaml
11
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
12
reference_url https://simplesamlphp.org/security/201802-01
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201802-01
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7644
reference_id CVE-2018-7644
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7644
14
reference_url https://github.com/advisories/GHSA-923w-2xv2-7pr8
reference_id GHSA-923w-2xv2-7pr8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-923w-2xv2-7pr8
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.10.5
purl pkg:composer/simplesamlphp/saml2@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-139j-7afy-wyf1
1
vulnerability VCID-6c55-4pyx-ckbx
2
vulnerability VCID-8b8r-g7e2-qfb2
3
vulnerability VCID-ma9b-k5br-ffhd
4
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.5
1
url pkg:composer/simplesamlphp/saml2@2.3.7
purl pkg:composer/simplesamlphp/saml2@2.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
1
vulnerability VCID-8b8r-g7e2-qfb2
2
vulnerability VCID-ma9b-k5br-ffhd
3
vulnerability VCID-v3bx-f3um-8ubc
4
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.7
2
url pkg:composer/simplesamlphp/saml2@3.1.3
purl pkg:composer/simplesamlphp/saml2@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
1
vulnerability VCID-8b8r-g7e2-qfb2
2
vulnerability VCID-ma9b-k5br-ffhd
3
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.3
aliases CVE-2018-7644, GHSA-923w-2xv2-7pr8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbt9-snjj-uuea
6
url VCID-xx6m-pvgs-puga
vulnerability_id VCID-xx6m-pvgs-puga
summary 
Incorrect signature validation
An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7711
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55378
published_at 2026-06-06T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.55347
published_at 2026-06-08T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55367
published_at 2026-06-07T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55317
published_at 2026-06-04T12:55:00Z
4
value 0.0032
scoring_system epss
scoring_elements 0.55374
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7711
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7711
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7711
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7711.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7711.yaml
3
reference_url https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
4
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html
5
reference_url https://simplesamlphp.org/security/201803-01
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201803-01
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7711
reference_id CVE-2018-7711
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7711
7
reference_url https://github.com/advisories/GHSA-g888-g2pp-82hf
reference_id GHSA-g888-g2pp-82hf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g888-g2pp-82hf
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.10.6
purl pkg:composer/simplesamlphp/saml2@1.10.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-139j-7afy-wyf1
1
vulnerability VCID-6c55-4pyx-ckbx
2
vulnerability VCID-8b8r-g7e2-qfb2
3
vulnerability VCID-ma9b-k5br-ffhd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.6
1
url pkg:composer/simplesamlphp/saml2@2.3.8
purl pkg:composer/simplesamlphp/saml2@2.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
1
vulnerability VCID-8b8r-g7e2-qfb2
2
vulnerability VCID-ma9b-k5br-ffhd
3
vulnerability VCID-v3bx-f3um-8ubc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.8
2
url pkg:composer/simplesamlphp/saml2@3.1.4
purl pkg:composer/simplesamlphp/saml2@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
1
vulnerability VCID-8b8r-g7e2-qfb2
2
vulnerability VCID-ma9b-k5br-ffhd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.4
aliases CVE-2018-7711, GHSA-g888-g2pp-82hf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xx6m-pvgs-puga
7
url VCID-zemd-kbb3-s3cr
vulnerability_id VCID-zemd-kbb3-s3cr
summary 
Incorrect signature verification
An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9814
reference_id
reference_type
scores
0
value 0.00825
scoring_system epss
scoring_elements 0.74827
published_at 2026-06-04T12:55:00Z
1
value 0.00825
scoring_system epss
scoring_elements 0.74839
published_at 2026-06-08T12:55:00Z
2
value 0.00825
scoring_system epss
scoring_elements 0.74855
published_at 2026-06-07T12:55:00Z
3
value 0.00825
scoring_system epss
scoring_elements 0.74863
published_at 2026-06-06T12:55:00Z
4
value 0.00825
scoring_system epss
scoring_elements 0.74858
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9814
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9814
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2016-9814.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2016-9814.yaml
3
reference_url https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
reference_id
reference_type
scores
url https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
4
reference_url https://github.com/simplesamlphp/saml2/pull/81
reference_id
reference_type
scores
url https://github.com/simplesamlphp/saml2/pull/81
5
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
6
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9814
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9814
8
reference_url https://simplesamlphp.org/security/201612-01
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201612-01
9
reference_url http://www.securityfocus.com/bid/94730
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94730
10
reference_url https://github.com/advisories/GHSA-r8v4-7vwj-983x
reference_id GHSA-r8v4-7vwj-983x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8v4-7vwj-983x
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.8.1
purl pkg:composer/simplesamlphp/saml2@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-139j-7afy-wyf1
1
vulnerability VCID-6c55-4pyx-ckbx
2
vulnerability VCID-8b8r-g7e2-qfb2
3
vulnerability VCID-ma9b-k5br-ffhd
4
vulnerability VCID-ucwf-xdma-h7fc
5
vulnerability VCID-wbt9-snjj-uuea
6
vulnerability VCID-xx6m-pvgs-puga
7
vulnerability VCID-zemd-kbb3-s3cr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.8.1
1
url pkg:composer/simplesamlphp/saml2@1.9.1
purl pkg:composer/simplesamlphp/saml2@1.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-139j-7afy-wyf1
1
vulnerability VCID-6c55-4pyx-ckbx
2
vulnerability VCID-8b8r-g7e2-qfb2
3
vulnerability VCID-ma9b-k5br-ffhd
4
vulnerability VCID-ucwf-xdma-h7fc
5
vulnerability VCID-wbt9-snjj-uuea
6
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.9.1
2
url pkg:composer/simplesamlphp/saml2@1.10.3
purl pkg:composer/simplesamlphp/saml2@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-139j-7afy-wyf1
1
vulnerability VCID-6c55-4pyx-ckbx
2
vulnerability VCID-8b8r-g7e2-qfb2
3
vulnerability VCID-ma9b-k5br-ffhd
4
vulnerability VCID-ucwf-xdma-h7fc
5
vulnerability VCID-wbt9-snjj-uuea
6
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.3
3
url pkg:composer/simplesamlphp/saml2@2.3.3
purl pkg:composer/simplesamlphp/saml2@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c55-4pyx-ckbx
1
vulnerability VCID-8b8r-g7e2-qfb2
2
vulnerability VCID-ma9b-k5br-ffhd
3
vulnerability VCID-ucwf-xdma-h7fc
4
vulnerability VCID-v3bx-f3um-8ubc
5
vulnerability VCID-wbt9-snjj-uuea
6
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.3
aliases CVE-2016-9814, GHSA-r8v4-7vwj-983x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zemd-kbb3-s3cr
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.5.4