VYPR

Goxmldsig

by Russellhaering

Source repositories

CVEs (2)

  • CVE-2026-33487HigMar 26, 2026
    risk 0.42cvss 7.5epss 0.00

    goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when…

  • CVE-2020-15216Sep 29, 2020
    risk 0.00cvss epss 0.01

    In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade…