12 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-0585

Malware in sbrugna...

CVSS 9.8, AI score 8.6, EPSS 0.00423
Exploits 1, References 6
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2025-29406

Malicious code in bioql PyPI...

AI score 6.6
Exploits 0, References 8
Github Security Blog
added 2025/03/12 7:42 p.m., 45 views

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue

Summary: There are 2 new Critical Signature Wrapping Vulnerabilities, CVE-2025-25292 and CVE-2025-25291, and a potential DDoS Moderate Vulnerability, CVE-2025-25293, affecting ruby-saml, a dependency of omniauth-saml. The fix will be applied to ruby-saml and released 12 March 2025, under version 1.18.0...

CVSS 9.8, AI score 6.2, EPSS 0.20843
Exploits 3, References 8, Affected Software 1
The Hacker News
added 2024/09/19 5:07 a.m., 33 views

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an...

CVSS 10, AI score 7.7, EPSS 0.94344
Exploits 12
Github Security Blog
added 2024/09/11 9:08 p.m., 13 views

omniauth-saml vulnerable to Improper Verification of Cryptographic Signature

ruby-saml, the dependent SAML gem of omniauth-saml, has a signature wrapping vulnerability in <= v1.12.0 and v1.13.0 to v1.16.0, see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2. As a result, omniauth-saml created a new release by upgrading ruby-saml to the...

AI score 7
Exploits 0, References 6, Affected Software 1
OSV
added 2024/09/11 9:08 p.m., 15 views

GHSA-CVP8-5R8G-FHVQ omniauth-saml vulnerable to Improper Verification of Cryptographic Signature

ruby-saml, the dependent SAML gem of omniauth-saml, has a signature wrapping vulnerability in <= v1.12.0 and v1.13.0 to v1.16.0, see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2. As a result, omniauth-saml created a new release by upgrading ruby-saml to the...

CVSS 10, AI score 9.3, EPSS 0.44644
Exploits 1, References 6
Snyk
added 2024/09/10 7:42 p.m., 1 view

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the incorrect XPath selector due to improper verification of the SAML Response signature. An attacker with access to any signed SAML document can forge a SAML Response/Assertion...

CVSS 10, AI score 6.9, EPSS 0.44644
Exploits 1, References 2
Github Security Blog
added 2019/07/05 9:11 p.m., 26 views

OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

CVSS 9.8, AI score 9.1, EPSS 0.00423
Exploits 1, References 5, Affected Software 1
OSV
added 2019/07/05 9:11 p.m., 16 views

GHSA-94HM-8Q65-RMXM OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

CVSS 7.7, AI score 9.4, EPSS 0.00423
Exploits 1, References 5
NVD
added 2019/04/17 2:29 p.m., 12 views

CVE-2017-11430

OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

CVSS 9.8, AI score 8.8, EPSS 0.00423
Exploits 1, References 2
UbuntuCve
added 2019/04/17 2:29 p.m., 19 views

CVE-2017-11430

OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

CVSS 9.8, AI score 7.1, EPSS 0.00423
Exploits 1, References 5
Veracode
added 2018/03/01 5:55 a.m., 18 views

Authorization Bypass

OmniAuth-saml is vulnerable to authentication bypass. The application uses a vulnerable version of ruby-saml, meaning it does not properly parse comments in certain XML nodes, causing text after a comment to be lost before signing the SAML Message. This allows a malicious user to modify a SAML...

CVSS 9.8, AI score 9.3, EPSS 0.00423
Exploits 1, References 3, Affected Software 1