Package details: pkg:composer/onelogin/php-saml@3.0.0
purl pkg:composer/onelogin/php-saml@3.0.0
Next non-vulnerable version 3.8.1
Latest non-vulnerable version 4.3.1
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-qm99-jvw8-vygx
Aliases:
GHSA-5j8p-438x-rgg5
SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475

**Summary**

There is a critical vulnerability in xmlseclibs, [CVE-2025-66475](https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9), a dependency of php-saml.

Update to one of the following versions of php-saml, which force the use of patched versions of xmlseclibs:

- [2.21.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/2.21.1)
- [3.8.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/3.8.1)
- [4.3.1](https://github.com/SAML-Toolkits/php-saml/releases/tag/4.3.1)

**Impact**

Signature wrapping vulnerabilities allow an attacker to impersonate a user.

3.8.1
Affected by 0 other vulnerabilities.
4.3.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-02T04:49:06.552660+00:00 | GitLab Importer | Affected by | VCID-qm99-jvw8-vygx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/onelogin/php-saml/GHSA-5j8p-438x-rgg5.yml | 38.6.0 |