CVE-2022-23505
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...
EUVD-2016-6687
Malware in sbrugna...
EUVD-2018-0156
Malware in sbrugna...
EUVD-2015-0038
Malware in sbrugna...
EUVD-2020-0344
Malware in sbrugna...
EUVD-2015-0037
Malware in sbrugna...
EUVD-2021-23728
Malware in sbrugna...
EUVD-2020-0374
Malware in sbrugna...
EUVD-2022-4159
Malicious code in bioql PyPI...
EUVD-2025-7804
Malicious code in bioql PyPI...
EUVD-2024-3495
Malicious code in bioql PyPI...
EUVD-2023-2496
Malicious code in bioql PyPI...
EUVD-2025-4791
Malicious code in bioql PyPI...
EUVD-2022-2125
Malicious code in bioql PyPI...
EUVD-2022-7706
Malicious code in bioql PyPI...
EUVD-2025-4792
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-6519
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for...
CVE-2023-41890
Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity...
CVE-2020-5268
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is...
CVE-2025-46573
passport-wsfed-saml2 provides a Passport strategy for both the WS-fed and SAML2 protocols. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...