samlify

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting samlifypage 1 of 1

CVE-2017-1000452HIGHCVSS 7.5EG 7.5✓ Fixed in 2.4.0-rc5
2018-01-02
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
CVE-2025-47949HIGHCVSS 7.5EG 7.5✓ Fixed in 2.10.0
2025-05-19
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed…

Check whether samlify is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for samlify CVEs against the assets you own.

Start Free Scan →