github.com/russellhaering/gosaml2 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/russellhaering/gosaml2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2020-29509 — CVSS 9.8 (critical): The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization…
CVE-2020-7711 — CVSS 7.5 (high): This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending…
CVE-2020-7731 — CVSS 7.5 (high): This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by…
CVE-2023-26483 — CVSS 5.3 (medium): gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely…