Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/omniauth-saml@2.1.3
purl pkg:gem/omniauth-saml@2.1.3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-2ded-zkye-buet omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue ### Summary There are 2 new Critical Signature Wrapping Vulnerabilities (CVE-2025-25292, CVE-2025-25291) and a potential DDOS Moderated Vulneratiblity (CVE-2025-25293) affecting ruby-saml, a dependency of omniauth-saml. The fix will be applied to ruby-saml and released 12 March 2025, under version 1.18.0. Please [upgrade](https://github.com/omniauth/omniauth-saml/blob/master/omniauth-saml.gemspec#L16) the ruby-saml requirement to v1.18.0. ### Impact Signature Wrapping Vulnerabilities allows an attacker to impersonate a user. GHSA-hw46-3hmr-x9xv

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-09T20:43:22.116180+00:00 GHSA Importer Fixing VCID-2ded-zkye-buet https://github.com/advisories/GHSA-hw46-3hmr-x9xv 38.6.0
2026-06-04T17:12:32.280370+00:00 GithubOSV Importer Fixing VCID-2ded-zkye-buet https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-hw46-3hmr-x9xv/GHSA-hw46-3hmr-x9xv.json 38.6.0
2026-06-04T16:23:30.351766+00:00 GitLab Importer Fixing VCID-2ded-zkye-buet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth-saml/GHSA-hw46-3hmr-x9xv.yml 38.6.0