@boxyhq/saml-jackson (>=1.11.2 <=1.40.2), @boxyhq/saml20 (>=1.2.4 <=1.8.0) +8 more potentially affected by CVE-2025-29775 via xml-crypto (>=4.1.0 <=6.0.0)

xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =1.0.0, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2025-29775 Source advisory: OSV:GHSA-X3M8-899R-F7C3...

CVE-2024-35842

Summary: CVE-2024-35842 in the Linux kernel fixes a NULL pointer dereference in ASoC: mediatek sof-common by adding a NULL check for the normal_link string in sof_conn_stream entries. The issue arises because not all sof_conn_stream entries declare a normal_link (non-SOF, direct link) string, par...

@boxyhq/saml-jackson (>=1.11.2 <=1.17.1), @boxyhq/saml20 (>=1.2.4 <=1.4.1) +7 more potentially affected by CVE-2024-32962 via xml-crypto (>=4.1.0 <=5.1.1)

xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2024-32962 Source advisory: OSV:GHSA-2XP3-57P7-QF4V...