Xmlseclibs Project Xmlseclibs — known CVE vulnerabilities
Every CVE whose affected-product data names Xmlseclibs Project Xmlseclibs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2019-3465 — CVSS 8.8 (high): Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of…
CVE-2026-32313 — CVSS 8.2 (high): xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either…
CVE-2025-66578 — CVSS 6.0 (medium): xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass…