Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/simplesamlphp/simplesamlphp@1.14.15
Typecomposer
Namespacesimplesamlphp
Namesimplesamlphp
Version1.14.15
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.15
Latest_non_vulnerable_version2.3.4
Affected_by_vulnerabilities
0
url VCID-1u9j-pr96-wueh
vulnerability_id VCID-1u9j-pr96-wueh
summary 
Improper Certificate Validation
Signature validation bypass in simplesamlphp.
references
0
reference_url https://simplesamlphp.org/security/201710-01
reference_id
reference_type
scores
url https://simplesamlphp.org/security/201710-01
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.14.17
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2erd-t2hf-cbf7
1
vulnerability VCID-aq1f-4gx2-w7e2
2
vulnerability VCID-hqfj-cd75-nkfa
3
vulnerability VCID-mt8a-t14t-fycw
4
vulnerability VCID-npe5-1a82-bbh2
5
vulnerability VCID-pwbg-dz5n-t7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.17
1
url pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1
purl pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2erd-t2hf-cbf7
1
vulnerability VCID-aq1f-4gx2-w7e2
2
vulnerability VCID-hqfj-cd75-nkfa
3
vulnerability VCID-mt8a-t14t-fycw
4
vulnerability VCID-npe5-1a82-bbh2
5
vulnerability VCID-pwbg-dz5n-t7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.15.0-rc1
aliases 201710-01
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1u9j-pr96-wueh
1
url VCID-2erd-t2hf-cbf7
vulnerability_id VCID-2erd-t2hf-cbf7
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6521
reference_id
reference_type
scores
0
value 0.00585
scoring_system epss
scoring_elements 0.69533
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6521
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6521.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6521.yaml
11
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
12
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6521
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6521
14
reference_url https://simplesamlphp.org/security/201801-03
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201801-03
15
reference_url https://www.debian.org/security/2018/dsa-4127
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4127
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.15.2
purl pkg:composer/simplesamlphp/simplesamlphp@1.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hqfj-cd75-nkfa
1
vulnerability VCID-mt8a-t14t-fycw
2
vulnerability VCID-npe5-1a82-bbh2
3
vulnerability VCID-pwbg-dz5n-t7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.15.2
aliases CVE-2018-6521, GHSA-qv5p-6wrc-79wg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2erd-t2hf-cbf7
2
url VCID-741q-jvqg-4qhq
vulnerability_id VCID-741q-jvqg-4qhq
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18121
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.58211
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18121
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-18121.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-18121.yaml
11
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18121
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18121
13
reference_url https://simplesamlphp.org/security/201709-01
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201709-01
14
reference_url https://www.debian.org/security/2018/dsa-4127
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4127
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286
reference_id 889286
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.14.16
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1u9j-pr96-wueh
1
vulnerability VCID-2erd-t2hf-cbf7
2
vulnerability VCID-aq1f-4gx2-w7e2
3
vulnerability VCID-eryg-yprt-1uhd
4
vulnerability VCID-hqfj-cd75-nkfa
5
vulnerability VCID-mt8a-t14t-fycw
6
vulnerability VCID-npe5-1a82-bbh2
7
vulnerability VCID-pwbg-dz5n-t7fj
8
vulnerability VCID-wtmm-kpq1-4kc2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.16
aliases CVE-2017-18121, GHSA-fv7m-wc3v-wr3w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-741q-jvqg-4qhq
3
url VCID-aq1f-4gx2-w7e2
vulnerability_id VCID-aq1f-4gx2-w7e2
summary SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6520
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37306
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6520
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6520
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6520.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6520.yaml
3
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
4
reference_url https://github.com/simplesamlphp/simplesamlphp/issues/1473
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/issues/1473
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6520
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6520
6
reference_url https://simplesamlphp.org/security/201801-02
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201801-02
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.15.2
purl pkg:composer/simplesamlphp/simplesamlphp@1.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hqfj-cd75-nkfa
1
vulnerability VCID-mt8a-t14t-fycw
2
vulnerability VCID-npe5-1a82-bbh2
3
vulnerability VCID-pwbg-dz5n-t7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.15.2
aliases CVE-2018-6520, GHSA-2qfc-48v5-4w5h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aq1f-4gx2-w7e2
4
url VCID-eryg-yprt-1uhd
vulnerability_id VCID-eryg-yprt-1uhd
summary Duplicate Advisory: SimpleSAMLphp signature validation bypass
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/201710-01.yaml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/201710-01.yaml
1
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
2
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca
3
reference_url https://simplesamlphp.org/security/201710-01
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201710-01
4
reference_url https://github.com/advisories/GHSA-fjr2-r2mp-484p
reference_id GHSA-fjr2-r2mp-484p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjr2-r2mp-484p
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.14.17
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2erd-t2hf-cbf7
1
vulnerability VCID-aq1f-4gx2-w7e2
2
vulnerability VCID-hqfj-cd75-nkfa
3
vulnerability VCID-mt8a-t14t-fycw
4
vulnerability VCID-npe5-1a82-bbh2
5
vulnerability VCID-pwbg-dz5n-t7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.17
aliases GHSA-fjr2-r2mp-484p
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eryg-yprt-1uhd
5
url VCID-hqfj-cd75-nkfa
vulnerability_id VCID-hqfj-cd75-nkfa
summary 
SimpleSAMLphp vulnerable to XXE in parsing SAML messages
## Withdrawn Advisory
This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid.

## Original Description

# Summary
When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.

## Mitigation:

Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41

## Background / details

To be published on Dec 8th
references
0
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
1
reference_url https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-j5g2-q29x-cw3h
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-j5g2-q29x-cw3h
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
3
reference_url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
reference_id GHSA-2x65-fpch-2fcm
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
4
reference_url https://github.com/advisories/GHSA-j5g2-q29x-cw3h
reference_id GHSA-j5g2-q29x-cw3h
reference_type
scores
url https://github.com/advisories/GHSA-j5g2-q29x-cw3h
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@2.0.15
purl pkg:composer/simplesamlphp/simplesamlphp@2.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.0.15
1
url pkg:composer/simplesamlphp/simplesamlphp@2.1.0-rc1
purl pkg:composer/simplesamlphp/simplesamlphp@2.1.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.1.0-rc1
2
url pkg:composer/simplesamlphp/simplesamlphp@2.1.7
purl pkg:composer/simplesamlphp/simplesamlphp@2.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.1.7
3
url pkg:composer/simplesamlphp/simplesamlphp@2.2.4
purl pkg:composer/simplesamlphp/simplesamlphp@2.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.2.4
4
url pkg:composer/simplesamlphp/simplesamlphp@2.3.4
purl pkg:composer/simplesamlphp/simplesamlphp@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.3.4
aliases GHSA-j5g2-q29x-cw3h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqfj-cd75-nkfa
6
url VCID-mt8a-t14t-fycw
vulnerability_id VCID-mt8a-t14t-fycw
summary Information disclosure of source code in SimpleSAMLphp
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5301
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34172
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5301
1
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
2
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e
3
reference_url https://simplesamlphp.org/security/202004-01
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/202004-01
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5301
reference_id CVE-2020-5301
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5301
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2020-5301.yaml
reference_id CVE-2020-5301.YAML
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2020-5301.yaml
6
reference_url https://github.com/advisories/GHSA-24m3-w8g9-jwpq
reference_id GHSA-24m3-w8g9-jwpq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24m3-w8g9-jwpq
7
reference_url https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq
reference_id GHSA-24m3-w8g9-jwpq
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.18.6
purl pkg:composer/simplesamlphp/simplesamlphp@1.18.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hqfj-cd75-nkfa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.18.6
aliases CVE-2020-5301, GHSA-24m3-w8g9-jwpq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mt8a-t14t-fycw
7
url VCID-npe5-1a82-bbh2
vulnerability_id VCID-npe5-1a82-bbh2
summary SimpleSAMLphp Reflected Cross-site Scripting vulnerability
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/2019-07-10.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/2019-07-10.yaml
1
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
2
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/ce2294e092b3be7db2fc4e18e774b791d4564ff3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/ce2294e092b3be7db2fc4e18e774b791d4564ff3
3
reference_url https://simplesamlphp.org/security/201907-01
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201907-01
4
reference_url https://github.com/advisories/GHSA-vpr3-cw3h-prw8
reference_id GHSA-vpr3-cw3h-prw8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vpr3-cw3h-prw8
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.17.3
purl pkg:composer/simplesamlphp/simplesamlphp@1.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25fq-bsgt-23d6
1
vulnerability VCID-hqfj-cd75-nkfa
2
vulnerability VCID-mt8a-t14t-fycw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.17.3
aliases GHSA-vpr3-cw3h-prw8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-npe5-1a82-bbh2
8
url VCID-pwbg-dz5n-t7fj
vulnerability_id VCID-pwbg-dz5n-t7fj
summary 
Cross-site Scripting
Reflected Cross-Site-Scripting in simplesamlphp.
references
0
reference_url https://simplesamlphp.org/security/201907-01
reference_id
reference_type
scores
url https://simplesamlphp.org/security/201907-01
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.17.0
purl pkg:composer/simplesamlphp/simplesamlphp@1.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25fq-bsgt-23d6
1
vulnerability VCID-hqfj-cd75-nkfa
2
vulnerability VCID-mt8a-t14t-fycw
3
vulnerability VCID-npe5-1a82-bbh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.17.0
aliases GMS-2019-149
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwbg-dz5n-t7fj
9
url VCID-wtmm-kpq1-4kc2
vulnerability_id VCID-wtmm-kpq1-4kc2
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18122
reference_id
reference_type
scores
0
value 0.00308
scoring_system epss
scoring_elements 0.54365
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18122
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-18122.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-18122.yaml
11
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
12
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca
13
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18122
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18122
15
reference_url https://simplesamlphp.org/security/201710-01
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201710-01
16
reference_url https://www.debian.org/security/2018/dsa-4127
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4127
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286
reference_id 889286
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.14.17
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2erd-t2hf-cbf7
1
vulnerability VCID-aq1f-4gx2-w7e2
2
vulnerability VCID-hqfj-cd75-nkfa
3
vulnerability VCID-mt8a-t14t-fycw
4
vulnerability VCID-npe5-1a82-bbh2
5
vulnerability VCID-pwbg-dz5n-t7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.17
aliases CVE-2017-18122, GHSA-j4qf-3w33-8cgc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtmm-kpq1-4kc2
Fixing_vulnerabilities
0
url VCID-fwh5-cfnj-hfeg
vulnerability_id VCID-fwh5-cfnj-hfeg
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12867
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.47645
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12867
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
10
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
11
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
12
reference_url https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
13
reference_url https://simplesamlphp.org/security/201708-01
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201708-01
14
reference_url https://www.debian.org/security/2018/dsa-4127
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4127
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12867
reference_id CVE-2017-12867
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12867
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12867.yaml
reference_id CVE-2017-12867.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12867.yaml
17
reference_url https://github.com/advisories/GHSA-597c-mh7m-48v7
reference_id GHSA-597c-mh7m-48v7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-597c-mh7m-48v7
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.14.15
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1u9j-pr96-wueh
1
vulnerability VCID-2erd-t2hf-cbf7
2
vulnerability VCID-741q-jvqg-4qhq
3
vulnerability VCID-aq1f-4gx2-w7e2
4
vulnerability VCID-eryg-yprt-1uhd
5
vulnerability VCID-hqfj-cd75-nkfa
6
vulnerability VCID-mt8a-t14t-fycw
7
vulnerability VCID-npe5-1a82-bbh2
8
vulnerability VCID-pwbg-dz5n-t7fj
9
vulnerability VCID-wtmm-kpq1-4kc2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.15
aliases CVE-2017-12867, GHSA-597c-mh7m-48v7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwh5-cfnj-hfeg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.15