VYPR

npm package

node-saml

pkg:npm/node-saml

Vulnerabilities (3)

  • CVE-2025-54369CriJul 24, 2025
    affected <= 3.1.2

    Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an att

  • CVE-2022-39300Oct 13, 2022
    affected < 4.0.0-beta.5fixed 4.0.0-beta.5

    node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element.

  • CVE-2022-39299Oct 12, 2022
    affected < 4.0.0-beta.5fixed 4.0.0-beta.5

    Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP