simplesamlphp/simplesamlphp vulnerabilities

A PHP implementation of a SAML 2.0 service provider and identity provider, also compatible with Shibboleth 1.3 and 2.0.

Latest version: v1.18.4

Direct Vulnerabilities

Known vulnerabilities in the simplesamlphp/simplesamlphp package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| M | Log Injection | <1.18.4 | Not available | 26 Jan, 2020 |
| M | Cross-site Scripting (XSS) | >=1.18.0, <1.18.4 | Not available | 26 Jan, 2020 |
| L | Information Disclosure | >=1.17.0, <1.17.8 | Not available | 01 Dec, 2019 |
| M | Cross-site Scripting (XSS) | >=1.12.0, <1.17.3 | Not available | 14 Jul, 2019 |
| L | Information Exposure | >=1.16.0, <1.16.3 | Not available | 24 Dec, 2018 |
| H | Signature Validation Bypass | <1.14.17 | Not available | 22 Feb, 2018 |
| H | Security Bypass | <1.14.17 | Not available | 12 Feb, 2018 |
| H | Information Exposure | >=1.7.0, <1.14.11 | Not available | 12 Feb, 2018 |
| H | Authentication Bypass | <1.14.14 | Not available | 12 Feb, 2018 |
| H | Authentication Bypass | <1.14.14 | Not available | 12 Feb, 2018 |
| H | Authentication Bypass | <1.15.2 | Not available | 12 Feb, 2018 |
| M | Open Redirect | <1.15.2 | Not available | 06 Feb, 2018 |
| M | Information Exposure | <1.14.13 | Not available | 06 Feb, 2018 |
| M | Cross-site Scripting (XSS) | <1.14.16 | Not available | 25 Aug, 2017 |
| M | Invalid Token Creation and Validation | <1.14.15 | Not available | 28 Jun, 2017 |
| M | Insecure Randomness | >=1.14.0, <1.14.12 | Not available | 30 Mar, 2017 |
| L | TLS Timing Attack | <1.14.12 | Not available | 17 Mar, 2017 |
| M | Incorrect Signature Verification | <1.14.11 | Not available | 03 Dec, 2016 |
| L | Link Injection | <1.14.4 | Not available | 06 Jun, 2016 |
| M | Information Exposure | <1.14.1 | Not available | 07 Mar, 2016 |