SUSE CVE-2026-33487

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

Linux Distros Unpatched Vulnerability : CVE-2026-33487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in...

CVE-2026-33487

The CVE-2026-33487 in goxmldsig affects the validateSignature logic in validate.go prior to v1.6.0. In Go versions before 1.22 (or when a older module version is used), a loop variable capture bug stores the address of the loop variable, causing the ref pointer to end up pointing to the last matc...

EUVD-2021-1160

Malware in sbrugna...

EUVD-2022-7517

Malicious code in bioql PyPI...

CVE-2020-36563

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...

GHSA-5RHG-XHGR-5HFJ go-saml's XML Digital Signatures use SHA-1

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...

Input validation

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...

CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...

CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...

GO-2020-0047 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...

[SECURITY] Fedora 33 Update: golang-github-russellhaering-goxmldsig-1.1.0-1.fc33

Pure Go implementation of XML Digital Signatures...

Fedora 32 : golang-github-russellhaering-goxmldsig (2021-9316ee2948)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9316ee2948 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...

Fedora: Security Advisory for golang-github-russellhaering-goxmldsig (FEDORA-2021-9316ee2948)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-russellhaering-goxmldsig (FEDORA-2021-a2a7673da2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-15216

In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...

CVE-2020-15216

In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...

CVE-2020-15216

In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...

CVE-2020-15216 Signature Validation Bypass in goxmldsig

In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...

CVE-2020-15216

In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...