Simplesamlphp/saml2
This hub aggregates every CVE we track for Simplesamlphp/saml2, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
7
CVEs tracked
1
Critical
5
High
0
In CISA KEV
Severity distribution
HIGH: 5, MEDIUM: 1, CRITICAL: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 7 most recently published vulnerabilities affecting Simplesamlphp/saml2.
- CVE-2025-27773: SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding (score 8.6)
- CVE-2024-52806: SimpleSAMLphp SAML2 has an XXE in parsing SAML messages (score 8.3)
- CVE-2023-49087: Validation of SignedInfo (score 6.8)
- CVE-2018-7711: HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures ac... (score 8.1)
- CVE-2018-7644: The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML asserti... (score 7.5)
- CVE-2018-6519: The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. (score 7.5)
- CVE-2016-9814: The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attacker... (score 9.1)
Product normalization is registry-driven with AI assist and human review.