node-saml

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting node-samlpage 1 of 1

CVE-2022-39299HIGHCVSS 7.4EG 7.4✓ Fixed in 4.0.0-beta.5
2022-10-12
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attac…
CVE-2022-39300HIGHCVSS 7.7EG 7.7✓ Fixed in 4.0.0-beta.5
2022-10-13
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possessio…
CVE-2025-54369NONECVSS 0.0EG 0.0
2025-07-24
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified wh…

Check whether node-saml is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for node-saml CVEs against the assets you own.

Start Free Scan →