Package details: pkg:pypi/pysaml2@1.0.2
purl pkg:pypi/pysaml2@1.0.2
Next non-vulnerable version 6.5.0
Latest non-vulnerable version 6.5.0
Risk
Vulnerabilities affecting this package (7)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-18jn-t4rf-13f1 (Aliases: CVE-2021-21238, GHSA-f4g9-h89h-jgv9, PYSEC-2021-48) | signature forgery | 6.5.0 (Affected by 0 other vulnerabilities.) |
| VCID-3vdt-bzym-t7f1 (Aliases: CVE-2016-10149, GHSA-c2vx-49jm-h3f6, PYSEC-2017-25) | XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | 4.5.0 (Affected by 4 other vulnerabilities.) |
| VCID-6d5c-jdcx-pbeg (Aliases: CVE-2016-10127, GHSA-m269-wj6g-c459, PYSEC-2017-67) | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | 4.5.0 (Affected by 4 other vulnerabilities.) |
| VCID-azuf-r76r-gkaa (Aliases: CVE-2021-21239, GHSA-5p3x-r448-pc62, PYSEC-2021-49) | signature forgery | 6.5.0 (Affected by 0 other vulnerabilities.) |
| VCID-rp35-dypx-8ubn (Aliases: CVE-2017-1000246, GHSA-cq94-qf6q-mf2h, PYSEC-2017-26) | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | 4.6.0 (Affected by 3 other vulnerabilities.) |
| VCID-rydh-2y4u-u3ef (Aliases: CVE-2020-5390, GHSA-qf7v-8hj3-4xw7, PYSEC-2020-94) | PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertions that have been signed. | 5.0.0 (Affected by 2 other vulnerabilities.) |
| VCID-t3ba-s8mg-s7cx (Aliases: CVE-2017-1000433, GHSA-924m-4pmx-c67h, PYSEC-2018-48) | pysaml2 version 4.4.0 and older accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password. | 4.5.0 (Affected by 4 other vulnerabilities.) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-02T04:08:19.651250+00:00 | Pypa Importer | Affected by | VCID-azuf-r76r-gkaa | https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2021-49.yaml | 38.6.0 |
| 2026-06-02T04:08:19.437047+00:00 | Pypa Importer | Affected by | VCID-18jn-t4rf-13f1 | https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2021-48.yaml | 38.6.0 |
| 2026-06-02T04:06:05.061728+00:00 | Pypa Importer | Affected by | VCID-rydh-2y4u-u3ef | https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2020-94.yaml | 38.6.0 |
| 2026-06-02T04:04:57.006561+00:00 | Pypa Importer | Affected by | VCID-t3ba-s8mg-s7cx | https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2018-48.yaml | 38.6.0 |
| 2026-06-02T04:04:55.760510+00:00 | Pypa Importer | Affected by | VCID-rp35-dypx-8ubn | https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2017-26.yaml | 38.6.0 |
| 2026-06-02T04:04:36.017565+00:00 | Pypa Importer | Affected by | VCID-3vdt-bzym-t7f1 | https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2017-25.yaml | 38.6.0 |
| 2026-06-02T04:04:31.608487+00:00 | Pypa Importer | Affected by | VCID-6d5c-jdcx-pbeg | https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2017-67.yaml | 38.6.0 |