Overview · simplesamlphp/saml2 · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

SimpleSAMLphp HTTP-Artifact TLS validator confusion allows cross-IdP authentication bypass
GHSA-6929-8p9f-26jx published May 29, 2026 by tvdijen

High
Possible DoS via XPath Transform
GHSA-5cjr-mxj5-wmrx published May 29, 2026 by tvdijen

High
Incorrect signature verification for HTTP-Redirect binding
GHSA-46r4-f8gj-xg56 published Mar 11, 2025 by tvdijen

High
XXE in parsing SAML messages
GHSA-pxm4-r5ph-q2m2 published Dec 1, 2024 by tvdijen

High
Incorrect signature verification
GHSA-62c2-r76c-55pp published Jun 5, 2019 by jaimeperez

Moderate

Learn more about advisories related to simplesamlphp/saml2 in the GitHub Advisory Database