@node-saml/node-saml
npm | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @node-saml/node-saml
- CVE-2022-39299 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 4.0.0-beta.5 | 2022-10-12
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attac…
- CVE-2023-40178 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 4.0.5 | 2023-08-23
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could…
- CVE-2025-54369 | CRITICAL | CVSS 9.3 | EG 0.0 | ✓ Fixed in 5.1.0 | 2025-07-24
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified wh…
- CVE-2025-54419 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 5.1.0 | 2025-07-28
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. T…