Search for packages
| purl | pkg:gem/omniauth-saml@2.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-97yq-xn2c-b7cz
Aliases: GHSA-hw46-3hmr-x9xv |
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue ### Summary There are 2 new Critical Signature Wrapping Vulnerabilities (CVE-2025-25292, CVE-2025-25291) and a potential DDOS Moderated Vulneratiblity (CVE-2025-25293) affecting ruby-saml, a dependency of omniauth-saml. The fix will be applied to ruby-saml and released 12 March 2025, under version 1.18.0. Please [upgrade](https://github.com/omniauth/omniauth-saml/blob/master/omniauth-saml.gemspec#L16) the ruby-saml requirement to v1.18.0. ### Impact Signature Wrapping Vulnerabilities allows an attacker to impersonate a user. |
Affected by 0 other vulnerabilities. |
|
VCID-e9me-qbxu-33ey
Aliases: GHSA-cvp8-5r8g-fhvq |
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T09:26:07.265554+00:00 | Ruby Importer | Affected by | VCID-97yq-xn2c-b7cz | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/GHSA-hw46-3hmr-x9xv.yml | 38.6.0 |
| 2026-06-12T19:54:48.016925+00:00 | GitLab Importer | Affected by | VCID-97yq-xn2c-b7cz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth-saml/GHSA-hw46-3hmr-x9xv.yml | 38.6.0 |
| 2026-06-12T19:39:17.480361+00:00 | GitLab Importer | Affected by | VCID-e9me-qbxu-33ey | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth-saml/GHSA-cvp8-5r8g-fhvq.yml | 38.6.0 |
| 2026-06-11T20:35:57.829749+00:00 | GHSA Importer | Affected by | VCID-e9me-qbxu-33ey | https://github.com/advisories/GHSA-cvp8-5r8g-fhvq | 38.6.0 |