Samlify Project Samlify — known CVE vulnerabilities
Every CVE whose affected-product data names Samlify Project Samlify, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-46490 — CVSS 8.8 (high): samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute…
CVE-2017-1000452 — CVSS 7.5 (high): An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers…
CVE-2025-47949 — CVSS 7.5 (high): samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0…