samlify
npm3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting samlifypage 1 of 1
- CVE-2017-1000452HIGHCVSS 7.5EG 7.5✓ Fixed in 2.4.0-rc52018-01-02
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
- CVE-2025-47949HIGHCVSS 7.5EG 7.5✓ Fixed in 2.10.02025-05-19
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed…
- CVE-2026-46490HIGHCVSS 8.8EG 8.8✓ Fixed in 2.13.02026-05-21
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal use…
Check whether samlify is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for samlify CVEs against the assets you own.
Start Free Scan →