github.com/russellhaering/goxmldsig (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/russellhaering/goxmldsig, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2020-27847 — CVSS 9.8 (critical): A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw…
CVE-2020-26290 — CVSS 9.3 (critical): Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which…
CVE-2020-7711 — CVSS 7.5 (high): This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending…
CVE-2020-7731 — CVSS 7.5 (high): This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by…
CVE-2026-33487 — CVSS 7.5 (high): goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes…
CVE-2020-15216 — CVSS 5.3 (medium): In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can…