Every CVE whose affected-product data names Onelogin Ruby-saml, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-45409 — CVSS 10.0 (critical): The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not…
CVE-2015-20108 — CVSS 9.8 (critical): xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not…
CVE-2025-25291 — CVSS 9.8 (critical): ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was…
CVE-2025-25292 — CVSS 9.8 (critical): ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was…
CVE-2025-66567 — CVSS 9.1 (critical): The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an…
CVE-2025-66568 — CVSS 9.1 (critical): The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to…
CVE-2017-11428 — CVSS 7.7 (high): OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that…
CVE-2025-25293 — CVSS 7.5 (high): ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml…
CVE-2016-5697 — CVSS 7.5 (high): Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.