pkg:RubyGems/ruby-saml

10 total CVEs: CRITICAL 4, HIGH 3

All known vulnerabilities

  • CRITICAL 10.0 CVE-2024-45409: ruby-saml - security update
    from 0, < 1.12.3
  • CRITICAL 9.8 CVE-2025-25292: Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
    >= 1.13.0, < 1.18.0
  • CRITICAL 9.8 CVE-2025-25291: ruby-saml - security update
    from 0, < 1.12.4
  • CRITICAL 9.8 CVE-2015-20108: ruby-saml vulnerable to XPath injection
    from 0, < 1.0.0
  • HIGH 7.7 CVE-2017-11428: Ruby-SAML Improper Authentication vulnerability
    from 0, < 1.7.0
  • HIGH 7.5 CVE-2025-25293: Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
    from 0, < 1.12.4
  • HIGH 7.5 CVE-2016-5697: Ruby-saml allows attackers to perform XML signature wrapping attacks
    from 0, < 1.3.0
  • CVE-2025-66568: Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
    from 0, < 1.18.0
  • CVE-2025-66567: Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
    from 0, < 1.18.0
  • CVE-2025-54572: Ruby SAML DOS vulnerability with large SAML response
    from 0, < 1.18.1