Lookup for vulnerable packages by Package URL.

Purl pkg:composer/simplesamlphp/saml2@0.8.1
Type composer
Namespace simplesamlphp
Name saml2
Version 0.8.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.17.0
Latest_non_vulnerable_version 4.17.0
Affected_by_vulnerabilities
0
url VCID-418w-j3pp-s3hq
vulnerability_id VCID-418w-j3pp-s3hq
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7644
reference_id
reference_type
scores
0
value 0.00213
scoring_system epss
scoring_elements 0.43917
published_at 2026-06-11T12:55:00Z
1
value 0.00213
scoring_system epss
scoring_elements 0.44071
published_at 2026-06-12T12:55:00Z
2
value 0.00213
scoring_system epss
scoring_elements 0.4409
published_at 2026-06-13T12:55:00Z
3
value 0.00213
scoring_system epss
scoring_elements 0.44078
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7644
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7644.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7644.yaml
11
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7644
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7644
13
reference_url https://simplesamlphp.org/security/201802-01
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201802-01
14
reference_url https://github.com/advisories/GHSA-923w-2xv2-7pr8
reference_id GHSA-923w-2xv2-7pr8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-923w-2xv2-7pr8
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.10.5
purl pkg:composer/simplesamlphp/saml2@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ghf-nbrc-m7e2
1
vulnerability VCID-8qrc-1cx7-zuac
2
vulnerability VCID-cv34-tryp-13cd
3
vulnerability VCID-fqhw-vnhk-j7fu
4
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.5
1
url pkg:composer/simplesamlphp/saml2@2.3.7
purl pkg:composer/simplesamlphp/saml2@2.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ghf-nbrc-m7e2
1
vulnerability VCID-8qrc-1cx7-zuac
2
vulnerability VCID-fqhw-vnhk-j7fu
3
vulnerability VCID-ject-qv5p-hqfw
4
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.7
2
url pkg:composer/simplesamlphp/saml2@3.1.3
purl pkg:composer/simplesamlphp/saml2@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ghf-nbrc-m7e2
1
vulnerability VCID-8qrc-1cx7-zuac
2
vulnerability VCID-fqhw-vnhk-j7fu
3
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.3
aliases CVE-2018-7644, GHSA-923w-2xv2-7pr8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-418w-j3pp-s3hq
1
url VCID-4ghf-nbrc-m7e2
vulnerability_id VCID-4ghf-nbrc-m7e2
summary SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52806
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40052
published_at 2026-06-13T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40042
published_at 2026-06-14T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.4003
published_at 2026-06-12T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.3986
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52806
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52806
2
reference_url https://github.com/simplesamlphp/saml2
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/saml2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52806
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52806
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
reference_id 1088904
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
5
reference_url https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7
reference_id 5fd4ce4596656fb0c1278f15b8305825412e89f7
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T19:10:45Z/
url https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7
6
reference_url https://github.com/advisories/GHSA-pxm4-r5ph-q2m2
reference_id GHSA-pxm4-r5ph-q2m2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pxm4-r5ph-q2m2
7
reference_url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2
reference_id GHSA-pxm4-r5ph-q2m2
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T19:10:45Z/
url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@4.6.14
purl pkg:composer/simplesamlphp/saml2@4.6.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fqhw-vnhk-j7fu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.6.14
aliases CVE-2024-52806, GHSA-pxm4-r5ph-q2m2
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ghf-nbrc-m7e2
2
url VCID-66su-j8hj-93d5
vulnerability_id VCID-66su-j8hj-93d5
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6519
reference_id
reference_type
scores
0
value 0.00467
scoring_system epss
scoring_elements 0.64903
published_at 2026-06-11T12:55:00Z
1
value 0.00467
scoring_system epss
scoring_elements 0.65003
published_at 2026-06-12T12:55:00Z
2
value 0.00467
scoring_system epss
scoring_elements 0.65015
published_at 2026-06-13T12:55:00Z
3
value 0.00467
scoring_system epss
scoring_elements 0.65011
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6519
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-6519.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-6519.yaml
11
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6519
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6519
13
reference_url https://simplesamlphp.org/security/201801-01
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201801-01
14
reference_url https://www.debian.org/security/2018/dsa-4127
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4127
15
reference_url https://github.com/advisories/GHSA-hhm8-2j4g-mpgg
reference_id GHSA-hhm8-2j4g-mpgg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhm8-2j4g-mpgg
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.10.4
purl pkg:composer/simplesamlphp/saml2@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-8qrc-1cx7-zuac
3
vulnerability VCID-cv34-tryp-13cd
4
vulnerability VCID-fqhw-vnhk-j7fu
5
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.4
1
url pkg:composer/simplesamlphp/saml2@2.3.5
purl pkg:composer/simplesamlphp/saml2@2.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-8qrc-1cx7-zuac
3
vulnerability VCID-fqhw-vnhk-j7fu
4
vulnerability VCID-ject-qv5p-hqfw
5
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.5
2
url pkg:composer/simplesamlphp/saml2@3.1.1
purl pkg:composer/simplesamlphp/saml2@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-8qrc-1cx7-zuac
3
vulnerability VCID-fqhw-vnhk-j7fu
4
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.1
aliases CVE-2018-6519, GHSA-hhm8-2j4g-mpgg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66su-j8hj-93d5
3
url VCID-8qrc-1cx7-zuac
vulnerability_id VCID-8qrc-1cx7-zuac
summary SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52596
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44701
published_at 2026-06-12T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44706
published_at 2026-06-14T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44718
published_at 2026-06-13T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44549
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52596
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52596
2
reference_url https://github.com/simplesamlphp/xml-common
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/xml-common
3
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
reference_id 1088904
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
6
reference_url https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
reference_id fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T18:32:34Z/
url https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
7
reference_url https://github.com/advisories/GHSA-2x65-fpch-2fcm
reference_id GHSA-2x65-fpch-2fcm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2x65-fpch-2fcm
8
reference_url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
reference_id GHSA-2x65-fpch-2fcm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T18:32:34Z/
url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@4.6.14
purl pkg:composer/simplesamlphp/saml2@4.6.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fqhw-vnhk-j7fu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.6.14
aliases CVE-2024-52596, GHSA-2x65-fpch-2fcm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qrc-1cx7-zuac
4
url VCID-97b7-hgde-6bah
vulnerability_id VCID-97b7-hgde-6bah
summary The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9814
reference_id
reference_type
scores
0
value 0.00825
scoring_system epss
scoring_elements 0.74911
published_at 2026-06-11T12:55:00Z
1
value 0.00825
scoring_system epss
scoring_elements 0.74982
published_at 2026-06-12T12:55:00Z
2
value 0.00825
scoring_system epss
scoring_elements 0.74996
published_at 2026-06-13T12:55:00Z
3
value 0.00825
scoring_system epss
scoring_elements 0.74992
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9814
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9814
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2016-9814.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2016-9814.yaml
3
reference_url https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
reference_id
reference_type
scores
url https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
4
reference_url https://github.com/simplesamlphp/saml2/pull/81
reference_id
reference_type
scores
url https://github.com/simplesamlphp/saml2/pull/81
5
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
6
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9814
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9814
8
reference_url https://simplesamlphp.org/security/201612-01
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201612-01
9
reference_url http://www.securityfocus.com/bid/94730
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94730
10
reference_url https://github.com/advisories/GHSA-r8v4-7vwj-983x
reference_id GHSA-r8v4-7vwj-983x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8v4-7vwj-983x
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.8.1
purl pkg:composer/simplesamlphp/saml2@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-66su-j8hj-93d5
3
vulnerability VCID-8qrc-1cx7-zuac
4
vulnerability VCID-97b7-hgde-6bah
5
vulnerability VCID-cv34-tryp-13cd
6
vulnerability VCID-fqhw-vnhk-j7fu
7
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.8.1
1
url pkg:composer/simplesamlphp/saml2@1.9.1
purl pkg:composer/simplesamlphp/saml2@1.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-66su-j8hj-93d5
3
vulnerability VCID-8qrc-1cx7-zuac
4
vulnerability VCID-cv34-tryp-13cd
5
vulnerability VCID-fqhw-vnhk-j7fu
6
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.9.1
2
url pkg:composer/simplesamlphp/saml2@1.10.3
purl pkg:composer/simplesamlphp/saml2@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-66su-j8hj-93d5
3
vulnerability VCID-8qrc-1cx7-zuac
4
vulnerability VCID-cv34-tryp-13cd
5
vulnerability VCID-fqhw-vnhk-j7fu
6
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.3
3
url pkg:composer/simplesamlphp/saml2@2.3.3
purl pkg:composer/simplesamlphp/saml2@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-66su-j8hj-93d5
3
vulnerability VCID-8qrc-1cx7-zuac
4
vulnerability VCID-fqhw-vnhk-j7fu
5
vulnerability VCID-ject-qv5p-hqfw
6
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.3
aliases CVE-2016-9814, GHSA-r8v4-7vwj-983x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-97b7-hgde-6bah
5
url VCID-cv34-tryp-13cd
vulnerability_id VCID-cv34-tryp-13cd
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3465
reference_id
reference_type
scores
0
value 0.01873
scoring_system epss
scoring_elements 0.83583
published_at 2026-06-12T12:55:00Z
1
value 0.01873
scoring_system epss
scoring_elements 0.83523
published_at 2026-06-11T12:55:00Z
2
value 0.01873
scoring_system epss
scoring_elements 0.8359
published_at 2026-06-14T12:55:00Z
3
value 0.01873
scoring_system epss
scoring_elements 0.83592
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3465
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3465
2
reference_url https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5
3
reference_url https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/
22
reference_url https://seclists.org/bugtraq/2019/Nov/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Nov/8
23
reference_url https://simplesamlphp.org/security/201911-01
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201911-01
24
reference_url https://www.debian.org/security/2019/dsa-4560
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4560
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944107
reference_id 944107
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944107
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3465
reference_id CVE-2019-3465
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3465
27
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/robrichards/xmlseclibs/CVE-2019-3465.yaml
reference_id CVE-2019-3465.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/robrichards/xmlseclibs/CVE-2019-3465.yaml
28
reference_url https://github.com/advisories/GHSA-pqm6-cgwr-x6pf
reference_id GHSA-pqm6-cgwr-x6pf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pqm6-cgwr-x6pf
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@2.0.0
purl pkg:composer/simplesamlphp/saml2@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-66su-j8hj-93d5
3
vulnerability VCID-8qrc-1cx7-zuac
4
vulnerability VCID-97b7-hgde-6bah
5
vulnerability VCID-fqhw-vnhk-j7fu
6
vulnerability VCID-ject-qv5p-hqfw
7
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.0.0
aliases CVE-2019-3465, GHSA-pqm6-cgwr-x6pf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cv34-tryp-13cd
6
url VCID-fqhw-vnhk-j7fu
vulnerability_id VCID-fqhw-vnhk-j7fu
summary The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27773
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36253
published_at 2026-06-11T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36446
published_at 2026-06-14T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.36432
published_at 2026-06-12T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.36458
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27773
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27773
2
reference_url https://github.com/simplesamlphp/saml2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/saml2
3
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00013.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00013.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27773
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27773
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100595
reference_id 1100595
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100595
6
reference_url https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0
reference_id 7867d6099dc7f31bed1ea10e5bea159c5623d2a0
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/
url https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0
7
reference_url https://github.com/advisories/GHSA-46r4-f8gj-xg56
reference_id GHSA-46r4-f8gj-xg56
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46r4-f8gj-xg56
8
reference_url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56
reference_id GHSA-46r4-f8gj-xg56
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/
url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56
9
reference_url https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113
reference_id HTTPRedirect.php#L104-L113
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/
url https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113
10
reference_url https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217
reference_id HTTPRedirect.php#L178-L217
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/
url https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@4.17.0
purl pkg:composer/simplesamlphp/saml2@4.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.17.0
1
url pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20
purl pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20
aliases CVE-2025-27773, GHSA-46r4-f8gj-xg56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqhw-vnhk-j7fu
7
url VCID-ject-qv5p-hqfw
vulnerability_id VCID-ject-qv5p-hqfw
summary Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41890
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.3312
published_at 2026-06-11T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.33301
published_at 2026-06-12T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.33321
published_at 2026-06-13T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42329
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41890
1
reference_url https://github.com/Sustainsys/Saml2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sustainsys/Saml2
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41890
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41890
3
reference_url https://github.com/Sustainsys/Saml2/issues/712
reference_id 712
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:58Z/
url https://github.com/Sustainsys/Saml2/issues/712
4
reference_url https://github.com/Sustainsys/Saml2/issues/713
reference_id 713
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:58Z/
url https://github.com/Sustainsys/Saml2/issues/713
5
reference_url https://github.com/advisories/GHSA-fv2h-753j-9g39
reference_id GHSA-fv2h-753j-9g39
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fv2h-753j-9g39
6
reference_url https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39
reference_id GHSA-fv2h-753j-9g39
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:58Z/
url https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.1.0
purl pkg:composer/simplesamlphp/saml2@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-66su-j8hj-93d5
3
vulnerability VCID-8qrc-1cx7-zuac
4
vulnerability VCID-97b7-hgde-6bah
5
vulnerability VCID-cv34-tryp-13cd
6
vulnerability VCID-fqhw-vnhk-j7fu
7
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.1.0
1
url pkg:composer/simplesamlphp/saml2@3.0.0
purl pkg:composer/simplesamlphp/saml2@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418w-j3pp-s3hq
1
vulnerability VCID-4ghf-nbrc-m7e2
2
vulnerability VCID-66su-j8hj-93d5
3
vulnerability VCID-8qrc-1cx7-zuac
4
vulnerability VCID-fqhw-vnhk-j7fu
5
vulnerability VCID-r99h-renx-4bd1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.0.0
aliases CVE-2023-41890, GHSA-fv2h-753j-9g39
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ject-qv5p-hqfw
8
url VCID-r99h-renx-4bd1
vulnerability_id VCID-r99h-renx-4bd1
summary HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7711
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55441
published_at 2026-06-11T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.55562
published_at 2026-06-12T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55577
published_at 2026-06-13T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55564
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7711
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7711
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7711
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7711.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7711.yaml
3
reference_url https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
4
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7711
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7711
6
reference_url https://simplesamlphp.org/security/201803-01
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201803-01
7
reference_url https://github.com/advisories/GHSA-g888-g2pp-82hf
reference_id GHSA-g888-g2pp-82hf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g888-g2pp-82hf
fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.10.6
purl pkg:composer/simplesamlphp/saml2@1.10.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ghf-nbrc-m7e2
1
vulnerability VCID-8qrc-1cx7-zuac
2
vulnerability VCID-cv34-tryp-13cd
3
vulnerability VCID-fqhw-vnhk-j7fu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.6
1
url pkg:composer/simplesamlphp/saml2@2.3.8
purl pkg:composer/simplesamlphp/saml2@2.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ghf-nbrc-m7e2
1
vulnerability VCID-8qrc-1cx7-zuac
2
vulnerability VCID-fqhw-vnhk-j7fu
3
vulnerability VCID-ject-qv5p-hqfw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.8
2
url pkg:composer/simplesamlphp/saml2@3.1.4
purl pkg:composer/simplesamlphp/saml2@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ghf-nbrc-m7e2
1
vulnerability VCID-8qrc-1cx7-zuac
2
vulnerability VCID-fqhw-vnhk-j7fu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.4
aliases CVE-2018-7711, GHSA-g888-g2pp-82hf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r99h-renx-4bd1
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@0.8.1