Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/simplesamlphp/xml-security@1.6.3
Typecomposer
Namespacesimplesamlphp
Namexml-security
Version1.6.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.13.9
Latest_non_vulnerable_version2.3.1
Affected_by_vulnerabilities
0
url VCID-4ghf-nbrc-m7e2
vulnerability_id VCID-4ghf-nbrc-m7e2
summary SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52806
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40052
published_at 2026-06-13T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40042
published_at 2026-06-14T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.4003
published_at 2026-06-12T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.3986
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52806
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52806
2
reference_url https://github.com/simplesamlphp/saml2
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/saml2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52806
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52806
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
reference_id 1088904
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
5
reference_url https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7
reference_id 5fd4ce4596656fb0c1278f15b8305825412e89f7
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T19:10:45Z/
url https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7
6
reference_url https://github.com/advisories/GHSA-pxm4-r5ph-q2m2
reference_id GHSA-pxm4-r5ph-q2m2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pxm4-r5ph-q2m2
7
reference_url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2
reference_id GHSA-pxm4-r5ph-q2m2
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T19:10:45Z/
url https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2
fixed_packages
0
url pkg:composer/simplesamlphp/xml-security@1.10.0
purl pkg:composer/simplesamlphp/xml-security@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vjvj-dtk2-fucr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/xml-security@1.10.0
aliases CVE-2024-52806, GHSA-pxm4-r5ph-q2m2
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ghf-nbrc-m7e2
1
url VCID-8qrc-1cx7-zuac
vulnerability_id VCID-8qrc-1cx7-zuac
summary SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52596
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44701
published_at 2026-06-12T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44706
published_at 2026-06-14T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44718
published_at 2026-06-13T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44549
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52596
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52596
2
reference_url https://github.com/simplesamlphp/xml-common
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/xml-common
3
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
reference_id 1088904
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
6
reference_url https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
reference_id fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T18:32:34Z/
url https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
7
reference_url https://github.com/advisories/GHSA-2x65-fpch-2fcm
reference_id GHSA-2x65-fpch-2fcm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2x65-fpch-2fcm
8
reference_url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
reference_id GHSA-2x65-fpch-2fcm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T18:32:34Z/
url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
fixed_packages
0
url pkg:composer/simplesamlphp/xml-security@1.10.0
purl pkg:composer/simplesamlphp/xml-security@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vjvj-dtk2-fucr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/xml-security@1.10.0
aliases CVE-2024-52596, GHSA-2x65-fpch-2fcm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qrc-1cx7-zuac
2
url VCID-vjvj-dtk2-fucr
vulnerability_id VCID-vjvj-dtk2-fucr
summary xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32600
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06372
published_at 2026-06-11T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.0636
published_at 2026-06-14T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06392
published_at 2026-06-12T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06381
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32600
1
reference_url https://github.com/simplesamlphp/xml-security
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/xml-security
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32600
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32600
3
reference_url https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520
reference_id cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:01:30Z/
url https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520
4
reference_url https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25
reference_id fdc12449e959c610943f9fd428e95e3832d74c25
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:01:30Z/
url https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25
5
reference_url https://github.com/advisories/GHSA-r353-4845-pr5p
reference_id GHSA-r353-4845-pr5p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r353-4845-pr5p
6
reference_url https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p
reference_id GHSA-r353-4845-pr5p
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-16T14:01:30Z/
url https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p
fixed_packages
0
url pkg:composer/simplesamlphp/xml-security@1.13.9
purl pkg:composer/simplesamlphp/xml-security@1.13.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/xml-security@1.13.9
1
url pkg:composer/simplesamlphp/xml-security@2.3.1
purl pkg:composer/simplesamlphp/xml-security@2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/xml-security@2.3.1
aliases CVE-2026-32600, GHSA-r353-4845-pr5p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vjvj-dtk2-fucr
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/xml-security@1.6.3