Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-saml vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-5697
Ruby-saml prior to 1.3.0 allows malicious users to perform XML signature wrapping attacks via unspecified vectors.
Onelogin Ruby-saml
9.8
CVSSv3
CVE-2017-11428
OneLogin Ruby-SAML 1.6.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potent...
Onelogin Ruby-saml
9.8
CVSSv3
CVE-2015-20108
xml_security.rb in the ruby-saml gem prior to 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Onelogin Ruby-saml
8.8
CVSSv4
CVE-2025-25291
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can ge...
Saml-toolkits Ruby-saml
1 Article
8.8
CVSSv4
CVE-2025-25292
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can ge...
Saml-toolkits Ruby-saml
1 Article
7.7
CVSSv4
CVE-2025-25293
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case the...
Saml-toolkits Ruby-saml
9.8
CVSSv3
CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thu...
Onelogin Ruby-saml
Omniauth Omniauth Saml
Omniauth Omniauth Saml 2.0.0
Omniauth Omniauth Saml 2.1.0
Gitlab Gitlab
2 Github repositories
1 Article
7.5
CVSSv3
CVE-2018-5387
Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication t...
Wizkunde Samlbase
9.8
CVSSv3
CVE-2017-11427
OneLogin PythonSAML 2.3.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to poten...
Onelogin Pythonsaml
5 Github repositories
9.8
CVSSv3
CVE-2017-11429
Clever saml2-js 2.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially...
Clever Saml2-js
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
path traversal
CVE-2025-2657
CVE-2025-30066
CVE-2025-24813
apache commons vfs
CVE-2025-2478
validation
CVE-2025-2674
code injection
medical card generation system
microsoft edge (chromium-based)
CVE-2025-2688
cicadascms
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »
Vulmon