omniauth
Security Risk Profile
54
/100
mediumSecurity Risk Score
Comprehensive risk assessment based on 8 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from January 26, 2018 to present
8
Total CVEs
8
Critical+High
0
Exploited
0
Unpatched
Threat Assessment
Avg CVSS
9.1
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
54/100
medium
Severity Distribution
Critical
5High
3Medium
0Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
3Age Distribution
Common Weaknesses (CWE)
1
CSRF
1
Most Affected Products
1. OmniAuth Omniauth Saml Ruby12
2. rubygems/ruby-saml8
3. onelogin Ruby-SAML8
4. GitLab GitLab5
5. debian/ruby-saml4
Recent Vulnerabilities
See more →CVE-2025-25292
CVSS 9.8EPSS 0%critical
GHSL-2024-329_GHSL-2024-330: Authentication bypasses in ruby-saml - CVE-2025-25291, CVE-2025-25292
3/12/2025
CVE-2025-25293
CVSS 7.7EPSS 0%high
GHSL-2024-355: DoS in ruby-saml - CVE-2025-25293
3/12/2025
CVE-2025-25291
CVSS 9.8EPSS 1%critical
GHSL-2024-329_GHSL-2024-330: Authentication bypasses in ruby-saml - CVE-2025-25291, CVE-2025-25292
3/12/2025
CVE-2024-45409
CVSS 10.0critical
The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
9/10/2024
CVE-2020-36599
CVSS 9.8critical
8/18/2022
CVE-2015-9284
CVSS 8.8high
4/26/2019
CVE-2017-11430
CVSS 9.8critical
Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
4/17/2019
CVE-2017-18076
CVSS 7.5high
1/26/2018
Monitor omniauth in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.