@altipla/directus-sdk-utils (=0.7.2), @better-auth/infra (>=0.1.7 <=0.1.8) +39 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)

samlify NPM version =2.10.0, =0.1.7, =1.6.0, =2.10.4, =1.0.0, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.0.0-chat-to-edit-20251124233201, =0.0.0-chat-to-edit-20251124233201, =0.75.0 and more Source cves: CVE-2026-46490 Source advisory: SNYK:JS-SAMLIFY-16796318...

@altipla/directus-sdk-utils (=0.7.2), @better-auth/infra (>=0.1.7 <=0.1.8) +39 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)

samlify NPM version =2.10.0, =0.1.7, =1.6.0, =2.10.4, =1.0.0, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.0.0-chat-to-edit-20251124233201, =0.0.0-chat-to-edit-20251124233201, =0.75.0 and more Source cves: CVE-2026-46490 Source advisory: OSV:GHSA-34R5-Q4JW-R36M...

PT-2026-42665

Name of the Vulnerable Software and Affected Versions samlify versions prior to 2.13.0 Description samlify is a Node.js library for SAML single sign-on. The template substitution mechanism only escapes attribute contexts, meaning values inserted into element text, such as , are not escaped. This...

EUVD-2018-0156

Malware in sbrugna...

GHSA-R683-V43C-6XQV samlify SAML Signature Wrapping attack

A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...

samlify SAML Signature Wrapping attack

A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...

CVE-2025-47949

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...