EUVD-2025-23157
Malicious code in bioql PyPI...
CVE-2025-54572
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
PT-2025-31391
Name of the Vulnerable Software and Affected Versions: ruby-saml versions 1.18.0 and below Description: The Ruby SAML library, used for implementing the client side of a SAML authorization, contains a denial-of-service vulnerability. The message max bytesize setting, intended to prevent resource...
Debian dla-3949 : ruby-saml - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3949 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3949-1 https://www.debian.org/lts/security/...
Debian dsa-5774 : ruby-saml - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5774 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5774-1 https://www.debian.org/security/...
CVE-2024-45409
CVE-2024-45409 affects the Ruby-SAML library used for SAML client functionality. Ubuntu/Debian advisories and IBM/GitHub entries confirm that versions <= 12.2 and 1.13.0
Authorization Bypass
saml-client is vulnerable to authorization bypass attacks. The library uses a vulnerable version of the Shibboleth xmltooling library, causing text after a comment to be lost before signing the SAML message. This allows a malicious user to modify a SAML message without invalidating the...