VYPR
Vendor

Opensaml

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2017-16853HigNov 16, 2017
    risk 0.53cvss 8.1epss 0.01

    The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification,…

  • CVE-2014-3603MedApr 4, 2019
    risk 0.38cvss 5.9epss 0.01

    The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509…

  • CVE-2025-31335MedMar 28, 2025
    risk 0.26cvss 4.0epss 0.00

    The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures).