VYPR

npm package

passport-saml

pkg:npm/passport-saml

Vulnerabilities (3)

  • CVE-2025-54419CriJul 28, 2025
    affected <= 3.2.4

    A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authenti

  • CVE-2022-39299Oct 12, 2022
    affected < 3.2.2fixed 3.2.2

    Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP

  • CVE-2021-39171Aug 27, 2021
    affected < 3.1.0fixed 3.1.0

    Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This