SecAlerts
CVE ListPricingSign Up
onelogin logo

onelogin

Security Risk Profile

63
/100
high

Security Risk Score

Comprehensive risk assessment based on 14 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from January 23, 2017 to present

14
Total CVEs
13
Critical+High
0
Exploited
2
Unpatched

Threat Assessment

Avg CVSS
8.9
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
2
Critical/High
Risk Level
63/100
high

Severity Distribution

Critical
10
High
3
Medium
1
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
3

Age Distribution

Common Weaknesses (CWE)

1
Infoleak
2
2
Command Injection
1

Most Affected Products

1. onelogin Ruby-SAML13
2. rubygems/ruby-saml12
3. OmniAuth Omniauth Saml Ruby12
4. debian/ruby-saml5
5. GitLab GitLab5

Recent Vulnerabilities

See more →
CVE-2025-66568
CVSS 9.3critical

ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

12/8/2025
CVE-2025-66567
CVSS 9.3critical

ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

12/8/2025
CVE-2025-34064
CVSS 9.0critical

OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage

7/1/2025🔧 No Patch
CVE-2025-34063
CVSS 10.0critical

OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key

7/1/2025🔧 No Patch
CVE-2025-34062
CVSS 5.7medium

OneLogin AD Connector API Credential and Signing Key Exposure

7/1/2025🔧 No Patch
CVE-2025-25292
CVSS 9.8EPSS 0%critical

GHSL-2024-329_GHSL-2024-330: Authentication bypasses in ruby-saml - CVE-2025-25291, CVE-2025-25292

3/12/2025
CVE-2025-25293
CVSS 7.7EPSS 0%high

GHSL-2024-355: DoS in ruby-saml - CVE-2025-25293

3/12/2025
CVE-2025-25291
CVSS 9.8EPSS 1%critical

GHSL-2024-329_GHSL-2024-330: Authentication bypasses in ruby-saml - CVE-2025-25291, CVE-2025-25292

3/12/2025
CVE-2024-45409
CVSS 10.0critical

The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

9/10/2024
CVE-2015-20108
CVSS 9.8critical
5/27/2023

Monitor onelogin in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

onelogin Security Vulnerabilities & Risk Score | 14 CVEs | SecAlerts - SecAlerts