| CVE-2016-5697 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. |
| CVE-2025-66568 |
unknown |
— |
— |
|
|
|
6mo ago |
The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process us… |
| CVE-2025-66567 |
unknown |
— |
— |
|
|
|
6mo ago |
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fi… |
| CVE-2025-54572 |
unknown |
— |
— |
|
|
|
10mo ago |
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesi… |
| CVE-2025-25292 |
unknown |
— |
— |
|
|
|
1y ago |
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a … |
| CVE-2025-25291 |
unknown |
— |
— |
|
|
|
1y ago |
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a … |
| CVE-2025-25293 |
unknown |
— |
— |
|
|
|
1y ago |
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compre… |
| CVE-2024-45409 |
unknown |
— |
— |
|
|
|
2y ago |
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenti… |
| CVE-2017-11428 |
unknown |
— |
— |
|
|
|
8y ago |
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without … |
| CVE-2015-20108 |
unknown |
— |
— |
|
|
|
11y ago |
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. |