Package details: pkg:composer/onelogin/php-saml@2.21.1
purl pkg:composer/onelogin/php-saml@2.21.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-qm99-jvw8-vygx

Summary: SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475

**Summary**

There is a critical vulnerability in xmlseclibs, [CVE-2025-66475](https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9), a dependency of php-saml.

Update to the following versions of php-saml, which force the use of patched versions of xmlseclibs:

- [2.21.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/2.21.1)
- [3.8.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/3.8.1)
- [4.3.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/4.3.1)

**Impact**

Signature wrapping vulnerabilities allow an attacker to impersonate a user.

Aliases: GHSA-5j8p-438x-rgg5

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-02T04:49:06.573364+00:00 | GitLab Importer | Fixing | VCID-qm99-jvw8-vygx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/onelogin/php-saml/GHSA-5j8p-438x-rgg5.yml | 38.6.0 |