Ruby-saml
This hub aggregates every CVE we track for Ruby-saml, a product in the OSS libraries category. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 9
- Critical: 6
- High: 3
- In CISA KEV: 0
Severity distribution
- Critical: 6
- High: 3
Monthly trend
New CVEs per month, 2024-07 through 2026-06 (24 values, in order): 0, 0, 1, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0. The only non-zero months are 2024-09 (1), 2025-03 (3) and 2025-12 (2); the three older CVEs in the list predate this window.
Latest CVEs
The 9 most recently published vulnerabilities affecting Ruby-saml.
- CVE-2025-66568: ruby-saml Libxml2 canonicalization errors can bypass Digest/Signature validation. Score: 9.1
- CVE-2025-66567: ruby-saml has a SAML authentication bypass due to namespace handling (parser differential). Score: 9.1
- CVE-2025-25292: Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential). Score: 9.8
- CVE-2025-25291: ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential). Score: 9.8
- CVE-2025-25293: ruby-saml vulnerable to remote Denial of Service (DoS) with compressed SAML responses. Score: 7.5
- CVE-2024-45409: The Ruby SAML library is vulnerable to a SAML authentication bypass via an incorrect XPath selector. Score: 10.0
- CVE-2015-20108: xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. Score: 9.8
- CVE-2017-11428: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal. Score: 7.7
- CVE-2016-5697: Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. Score: 7.5
Product normalization is registry-driven with AI assist and human review.