RubyGems/omniauth-saml — 3 CVEs

CRITICAL10.0CVE-2024-45409The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

>= 2.0.0, < 2.1.2

CRITICAL9.8CVE-2025-25291ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

>= 2.2.0, < 2.2.3

HIGH7.7CVE-2017-11430OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal

from 0, < 1.10.0

pkg:RubyGems/omniauth-saml