Omniauth Omniauth Saml — known CVE vulnerabilities
Every CVE whose affected-product data names Omniauth Omniauth Saml, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-45409 — CVSS 10.0 (critical): The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not…
CVE-2025-25291 — CVSS 9.8 (critical): ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was…
CVE-2025-25292 — CVSS 9.8 (critical): ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was…
CVE-2017-11430 — CVSS 7.7 (high): OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way…
CVE-2025-25293 — CVSS 7.5 (high): ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml…