VYPR

Packagist (Composer) package

robrichards/xmlseclibs

pkg:composer/robrichards/xmlseclibs

Vulnerabilities (3)

  • CVE-2026-32313Mar 13, 2026
    affected < 3.1.5fixed 3.1.5

    xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authenticat

  • CVE-2025-66578Dec 9, 2025
    affected < 3.1.4fixed 3.1.4

    xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on

  • CVE-2019-3465Nov 7, 2019
    affected >= 3.0.0, < 3.0.4fixed 3.0.4

    Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML messag