passport-saml
npm | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting passport-saml (page 1 of 1)
- CVE-2021-39171 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 3.1.0 | 2021-08-27
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby res…
- CVE-2022-39299 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 3.2.2 | 2022-10-12
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attac…
- CVE-2025-54419 | CRITICAL | CVSS 10.0 | EG 10.0 | 2025-07-28
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. T…