An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

npm

5,162,107 packages · npmjs.org

High Security Advisories for https://github.com/node-saml/passport-saml in npm Clear Filters

High
almost 3 years ago

Signature bypass via multiple root elements GSA_kwCzR0hTQS1tOTc0LTY0N3Ytd2h2N84AAvTE

npm @node-saml/passport-saml, @node-saml/node-saml, node-saml, passport-saml

Filter by Severity

Filter by Package

parse-server 16 electron 12 next 11 directus 11 flowise 9 @anthropic-ai/claude-code 8 tar 7 @strapi/strapi 7 strapi 7 express-cart 6 matrix-js-sdk 6 handlebars 6 @openzeppelin/contracts 6 sequelize 6 npm 6 @haxtheweb/haxcms-nodejs 5 axios 5 serve 5 ua-parser-js 5 @openzeppelin/contracts-upgradeable 5 systeminformation 5 total.js 4 @strapi/plugin-users-permissions 4 tar-fs 4 yarn 4 hapi 4 ckeditor4 4 marked 4 @finos/git-proxy 4 multer 4 matrix-react-sdk 4 prismjs 4 qs 4 shescape 4 muhammara 4 generator-jhipster 4 nocodb 4 auth0-js 4 @apollo/gateway 4 openpgp 4 simple-git 3 @sveltejs/kit 3 fastify 3 aws-iot-device-sdk-v2 3 awsiotsdk 3 @backstage/plugin-scaffolder-backend 3 mermaid 3 moment 3 passport-wsfed-saml2 3 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 3 ecstatic 3 socket.io-file 3 node-forge 3 open-webui 3 rendertron 3 ghost 3 steal 3 next-auth 3 node-opcua 3 highcharts 3 localhost-now 3 jspdf 3 ids-enterprise 3 meshcentral 3 jsrsasign 3 n8n 3 hermes-engine 3 @uppy/companion 3 @commercial/subtext 3 keystone 3 open-webui 3 vite 3 ws 3 remarkable 3 convert-svg-core 3 node-saml 2 mout 2 css-what 2 codecov 2 fuxa-server 2 dompurify 2 cached-path-relative 2 @fastify/multipart 2 sails 2 lodash.mergewith 2 http-proxy 2 undici 2 angular-expressions 2 snyk 2 grunt 2 react-router 2 node-jose 2 mqtt-packet 2 @cubejs-backend/api-gateway 2 @tinacms/cli 2 tiny-secp256k1 2 joplin 2 code-server 2 nuxt-api-party 2 path-to-regexp 2 object-path 2 pdfjs-dist 2 fast-xml-parser 2 engine.io 2 loader-utils 2 node-static 2 jointjs 2 xdLocalStorage 2 decal 2 mongoose 2 merge 2 oauth2-server 2 @solana/web3.js 2 rollup-plugin-server 2 minimatch 2 @discordjs/opus 2 loopback-connector-mongodb 2 assign-deep 2 deep-get-set 2 json-ptr 2 lodash.defaultsdeep 2 jquery-validation 2 xlsx 2 urijs 2 @strikeentco/set 2 squirrelly 2 total4 2 convict 2 @modelcontextprotocol/server-filesystem 2 debug 2 @frangoteam/fuxa 2 dojo 2 hawk 2 vp-toolkit 2 mongosh 2 immer 2 @evershop/evershop 2 uptime-kuma 2 detect-character-encoding 2 pnpm 2 @auth0/nextjs-auth0 2 fs-git 2 simple-markdown 2 @plone/volto 2 glob-parent 2 @directus/api 2 @npmcli/arborist 2 @kindspells/astro-shield 2 angular 2 eta 2 rsshub 2 buttle 2 hummus 2 nodebb 2 mixme 2 content 2 is-svg 2 @theia/mini-browser 2 erxes 2 Moment.js 2 devcert 2 matrix-appservice-irc 2 lodash.merge 2 semver 2 financejs 2 @saltcorn/server 2 mcstatic 2 sqlite3 2 bmoor 2 http-live-simulator 2 get-setter 1 install-nw 1 frourio-express 1 handsontable 1 is-http2 1 js-toml 1 react-native-baidu-voice-synthesizer 1 yjmyjmyjm 1 dgard8.lab6 1 decode-uri-component 1 unicorn-list 1 tmpl 1 @pnpm/win-x64 1 serverabc 1 http-proxy-middleware 1 simple-get 1 express-openid-connect 1 @chainsafe/lodestar 1 js-yaml 1 git-promise 1 tough-cookie 1 is-user-valid 1 underscore-keypath 1 node-stringbuilder 1 jqueryfiletree 1 osm-static-maps 1 @executeautomation/database-server 1 @nguniversal/common 1 fancy-server 1 @conform-to/zod 1

Filter by Repository

https://github.com/parse-community/parse-server 16 https://github.com/electron/electron 12 https://github.com/directus/directus 12 https://github.com/strapi/strapi 10 https://github.com/vercel/next.js 9 https://github.com/backstage/backstage 8 https://github.com/anthropics/claude-code 8 https://github.com/FlowiseAI/Flowise 7 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/npm/node-tar 6 https://github.com/matrix-org/matrix-js-sdk 6 https://github.com/sequelize/sequelize 6 https://github.com/faisalman/ua-parser-js 5 https://github.com/axios/axios 5 https://github.com/sebhildebrandt/systeminformation 5 https://github.com/haxtheweb/issues 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/finos/git-proxy 4 https://github.com/matrix-org/matrix-react-sdk 4 https://github.com/expressjs/multer 4 https://github.com/mafintosh/tar-fs 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ericcornelissen/shescape 4 https://github.com/saltcorn/saltcorn 4 https://github.com/node-opcua/node-opcua 4 https://github.com/npm/cli 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/openpgpjs/openpgpjs 4 https://github.com/PrismJS/prism 4 https://github.com/nocodb/nocodb 4 https://github.com/totaljs/framework 4 https://github.com/ofirdagan/cross-domain-local-storage 3 https://github.com/n8n-io/n8n 3 https://github.com/hapijs/subtext 3 https://github.com/udecode/plate 3 https://github.com/highcharts/highcharts 3 https://github.com/jonschlinkert/remarkable 3 https://github.com/mrvautin/expressCart 3 https://github.com/kjur/jsrsasign 3 https://github.com/moment/moment 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/sveltejs/kit 3 https://github.com/handlebars-lang/handlebars.js 3 https://github.com/cure53/DOMPurify 3 https://github.com/facebook/hermes 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/yarnpkg/yarn 3 https://github.com/fastify/fastify-multipart 3 https://github.com/balderdashy/sails 3 https://github.com/stealjs/steal 3 https://github.com/transloadit/uppy 3 https://github.com/steveukx/git-js 3 https://github.com/TryGhost/Ghost 3 https://github.com/Marak/colors.js 3 https://github.com/apollographql/federation 3 https://github.com/nextauthjs/next-auth 3 https://github.com/remix-run/react-router 3 https://github.com/Ylianst/MeshCentral 3 https://github.com/digitalbazaar/forge 3 https://github.com/aws/aws-iot-device-sdk-java-v2 3 https://github.com/keystonejs/keystone 3 https://github.com/fastify/fastify 3 https://github.com/GoogleChrome/rendertron 3 https://github.com/vitejs/vite 3 https://github.com/npm/npm 3 https://github.com/gatsbyjs/gatsby 3 https://github.com/mozilla/pdf.js 3 https://github.com/neocotic/convert-svg 2 https://github.com/rabobank-blockchain/vp-toolkit 2 https://github.com/fb55/css-what 2 https://github.com/websockets/ws 2 https://github.com/418sec/json-ptr 2 https://github.com/debug-js/debug 2 https://github.com/ashaffer/cached-path-relative 2 https://github.com/vvakame/fs-git 2 https://github.com/julianhille/MuhammaraJS 2 https://github.com/NaturalIntelligence/fast-xml-parser 2 https://github.com/discordjs/opus 2 https://github.com/nuxt/nuxt 2 https://github.com/parallax/jsPDF 2 https://github.com/cube-js/cube.js 2 https://github.com/ariabuckles/simple-markdown 2 https://github.com/bitcoinjs/tiny-secp256k1 2 https://github.com/solana-labs/solana-web3.js 2 https://github.com/jquery-validation/jquery-validation 2 https://github.com/DCKT/localhost-now 2 https://github.com/dojo/dojo 2 https://github.com/ljharb/qs 2 https://github.com/rico345100/socket.io-file 2 https://github.com/mout/mout 2 https://github.com/pillarjs/path-to-regexp 2 https://github.com/TryGhost/node-sqlite3 2 https://github.com/erxes/erxes 2 https://github.com/cloudhead/node-static 2 https://github.com/socketio/engine.io 2 https://github.com/strikeentco/set 2 https://github.com/tinacms/tinacms 2 https://github.com/DIYgod/RSSHub 2 https://github.com/open-webui/open-webui 2 https://github.com/immerjs/immer 2 https://github.com/auth0/nextjs-auth0 2 https://github.com/matrix-org/matrix-appservice-irc 2 https://github.com/ebradyjobory/finance.js 2 https://github.com/beerpwn/CVE 2 https://github.com/webpack/loader-utils 2 https://github.com/vivaxy/here 2 https://github.com/VulnSphere/LLMVulnSphere 2 https://github.com/withastro/astro 2 https://github.com/plone/volto 2 https://github.com/markedjs/marked 2 https://github.com/adaltas/node-mixme 2 https://github.com/apollographql/apollo-server 2 https://github.com/cisco/node-jose 2 https://github.com/peerigon/angular-expressions 2 https://github.com/electron-userland/electron-builder 2 https://github.com/dimpu/ngx-md 2 https://github.com/eta-dev/eta 2 https://github.com/evershopcommerce/evershop 2 https://github.com/eclipse-theia/theia 2 https://github.com/modelcontextprotocol/servers 2 https://github.com/oauthjs/node-oauth2-server 2 https://github.com/b-heilman/bmoor 2 https://github.com/nodejs/undici 2 https://github.com/pnpm/pnpm 2 https://github.com/gruntjs/grunt 2 https://github.com/sindresorhus/is-svg 2 https://github.com/hapijs/hoek 2 https://github.com/sonicdoe/detect-character-encoding 2 https://github.com/gigafied/decal.js 2 https://github.com/mariocasciaro/object-path 2 https://github.com/VulnSageAgent/PoCs 2 https://github.com/jonschlinkert/assign-deep 2 https://github.com/johannschopplich/nuxt-api-party 2 https://github.com/chjj/marked 2 https://github.com/louislam/uptime-kuma 2 https://github.com/squirrellyjs/squirrelly 2 https://github.com/ag-grid/ag-grid 2 https://github.com/galkahana/HummusJS 2 https://github.com/OrangeShieldInfos/PoCs 2 https://github.com/npm/arborist 2 https://github.com/clientIO/joint 2 https://github.com/mozilla/node-convict 2 https://github.com/jqueryfiletree/jqueryfiletree 1 https://github.com/sandy98/node-simple-router 1 https://github.com/AppGyver/steroids 1 https://github.com/Foddy/node-red-contrib-huemagic 1 https://github.com/ChainSafe/js-libp2p-noise 1 https://github.com/rendrjs/rendr-handlebars 1 https://github.com/APIDevTools/json-schema-ref-parser 1 https://github.com/magiclen/node-stringbuilder 1 https://github.com/Semantic-Org/Semantic-UI 1 https://github.com/MateusTesser/CVE-2023-31717 1 https://github.com/adaltas/node-csv-parse 1 https://github.com/intlify/vue-i18n 1 https://github.com/chakra-ui/zag 1 https://github.com/wazuh/wazuh 1 https://github.com/BadOPCode/NoDash 1 https://github.com/mafintosh/is-my-json-valid 1 https://github.com/janl/mustache.js 1 https://github.com/mongo-express/mongo-express 1 https://github.com/fastify/fastify-csrf 1 https://github.com/nodeca/js-yaml 1 https://github.com/IonicaBizau/node-gry 1 https://github.com/nicolaskruchten/pivottable 1 https://github.com/isaacs/st 1 https://github.com/tanem/react-svg 1 https://github.com/hlfshell/controlled-merge 1 https://github.com/koush/scrypted 1 https://github.com/vuelidate/vuelidate 1 https://github.com/mongodb-js/compass 1 https://github.com/robinbuschmann/sequelize-typescript 1 https://github.com/jtrussell/semver-tags 1 https://github.com/riot/compiler 1 https://github.com/knsv/mermaid 1 https://github.com/tinymce/tinymce 1 https://github.com/fastly/js-compute-runtime 1 https://github.com/ioBroker/ioBroker.js-controller 1 https://github.com/alizeait/unflatto 1 https://github.com/mrdoob/three.js 1 https://github.com/webpack/webpack-dev-server 1 https://github.com/kaizhu256/node-phantomjs-lite 1 https://github.com/mjmlio/mjml 1 https://github.com/musistudio/claude-code-router 1 https://github.com/andrepolischuk/servst 1 https://github.com/lobehub/lobe-chat 1 https://github.com/joeattardi/emoji-button 1 https://github.com/yeikos/js.merge 1 https://github.com/jquery/jquery-mobile 1 https://github.com/monsterkodi/sds 1 https://github.com/expressjs/method-override 1 https://github.com/feross/simple-get 1 https://github.com/tomas/network 1 https://github.com/mikaelkaron/grunt-util-property 1 https://github.com/Woorank/robots-txt-guard 1 https://github.com/nrako/psnode 1 https://github.com/kos0ng/CVEs 1 https://github.com/ChALkeR/notes 1 https://github.com/node-red/node-red 1