Package impact
Go / github.com/russellhaering/goxmldsig
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33487 | unknown | — | — | 3mo ago | Loop Variable Capture Signature Bypass in goxmldsig in github.com/russellhaering/goxmldsig | |||
| CVE-2020-26290 | unknown | — | — | 5y ago | Critical security issues in XML encoding in github.com/dexidp/dex | |||
| CVE-2020-7711 | unknown | — | — | 5y ago | This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | |||
| CVE-2020-7731 | unknown | — | — | 5y ago | Panic due to malformed XML digital signature in github.com/russellhaering/goxmldsig | |||
| CVE-2020-15216 | unknown | — | — | 5y ago | In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered fi… |