Is esaml safe to use?

esaml has 2 known vulnerabilities on the latest version (4.6.0). DepScope rates its health at 42/100 (high risk).

What is the latest version of esaml?

The latest version of esaml is 4.6.0, released 2024-01-29.

Does esaml have known vulnerabilities?

Yes. esaml has 2 known vulnerabilities. See depscope.dev/pkg/hex/esaml for details.

No, esaml is actively maintained. Latest release: 4.6.0 (2024-01-29).

What are alternatives to esaml?

DepScope has no curated alternatives for esaml at this time.

esaml

hexv4.6.0

SAML Server Provider library for erlang

License BSDpermissive16 versions2 maintainers0 deps9,567 weekly dl

dropbox/esaml

/ 100

Health

safe to use

[email protected] is safe to use (health: 42/100)

Update to >= bab85efde7c136911402a881ca55173759467a26 to fix known vulnerabilities

Health breakdown0 – 100

0/25

maintenance

6/20

popularity

21/25

security

12/15

maturity

3/15

community

Vulnerabilities

2 medium

Advisories (2)

Severity	ID	Summary	Fixed in
medium	CVE-2026-28809	XXE in esaml SAML library allows local file read and potential SSRF	bab85efde7c136911402a881ca55173759467a26
medium	CVE-2026-28809	esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages	—

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/hex/esaml

First published · 2017-08-30T19:39:43.962500Z

Last updated · 2024-01-29T19:57:38.322459Z