Nokogiri does not check the return value from xmlC14NExecute

Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the method Nokogiri::XML::Documentcanonicalize and Nokogiri::XML::Nodecanonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...

CVE-2025-66578

CVE-2025-66578 affects robrichards/xmlseclibs (PHP) up to version 3.1.3. The root cause is a flaw in libxml2 canonicalization during document transformation: when canonicalizing invalid XML input, libxml2 may return an empty string instead of a canonicalized node. xmlseclibs then computes the Dig...

EUVD-2025-201790

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

GHSA-X4H9-GWV3-R4M4 Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...