VYPR

Go modules package

github.com/russellhaering/goxmldsig

pkg:golang/github.com/russellhaering/goxmldsig

Vulnerabilities (5)

  • CVE-2026-33487HigMar 26, 2026
    affected < 1.6.0fixed 1.6.0

    goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mo

  • CVE-2020-7731Apr 30, 2021
    affected < 1.1.1fixed 1.1.1

    This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

  • CVE-2020-26290Dec 28, 2020
    affected < 1.1.0fixed 1.1.0

    Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the under

  • CVE-2020-15216Sep 29, 2020
    affected < 1.1.0fixed 1.1.0

    In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade t

  • CVE-2020-7711Aug 23, 2020
    affected < 1.1.1fixed 1.1.1

    This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.