Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/simplesamlphp/simplesamlphp@1.15.0
purl pkg:composer/simplesamlphp/simplesamlphp@1.15.0
Next non-vulnerable version 2.0.15
Latest non-vulnerable version 2.3.4
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-2erd-t2hf-cbf7
Aliases:
CVE-2018-6521
GHSA-qv5p-6wrc-79wg
security update
1.15.2
Affected by 4 other vulnerabilities.
VCID-aq1f-4gx2-w7e2
Aliases:
CVE-2018-6520
GHSA-2qfc-48v5-4w5h
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.
1.15.2
Affected by 4 other vulnerabilities.
VCID-hqfj-cd75-nkfa
Aliases:
GHSA-j5g2-q29x-cw3h
SimpleSAMLphp vulnerable to XXE in parsing SAML messages ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. ## Original Description # Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. ## Mitigation: Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 ## Background / details To be published on Dec 8th
2.0.15
Affected by 0 other vulnerabilities.
2.1.0-rc1
Affected by 0 other vulnerabilities.
2.1.7
Affected by 0 other vulnerabilities.
2.2.4
Affected by 0 other vulnerabilities.
2.3.4
Affected by 0 other vulnerabilities.
VCID-mt8a-t14t-fycw
Aliases:
CVE-2020-5301
GHSA-24m3-w8g9-jwpq
Information disclosure of source code in SimpleSAMLphp
1.18.6
Affected by 1 other vulnerability.
VCID-npe5-1a82-bbh2
Aliases:
GHSA-vpr3-cw3h-prw8
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
1.17.3
Affected by 3 other vulnerabilities.
VCID-pwbg-dz5n-t7fj
Aliases:
GMS-2019-149
Cross-site Scripting Reflected Cross-Site-Scripting in simplesamlphp.
1.17.0
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T19:47:38.273245+00:00 GitLab Importer Affected by VCID-hqfj-cd75-nkfa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GHSA-j5g2-q29x-cw3h.yml 38.6.0
2026-06-12T19:30:12.417275+00:00 GitLab Importer Affected by VCID-npe5-1a82-bbh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GHSA-vpr3-cw3h-prw8.yml 38.6.0
2026-06-12T17:20:01.101986+00:00 GitLab Importer Affected by VCID-mt8a-t14t-fycw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/CVE-2020-5301.yml 38.6.0
2026-06-12T17:12:48.993212+00:00 GitLab Importer Affected by VCID-pwbg-dz5n-t7fj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GMS-2019-149.yml 38.6.0
2026-06-12T16:57:29.083714+00:00 GitLab Importer Affected by VCID-aq1f-4gx2-w7e2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/CVE-2018-6520.yml 38.6.0
2026-06-12T16:57:28.853768+00:00 GitLab Importer Affected by VCID-2erd-t2hf-cbf7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/CVE-2018-6521.yml 38.6.0