{"id":3538013,"name":"esaml","ecosystem":"hex","description":"SAML Server Provider library for erlang","homepage":"https://github.com/handnot2/esaml","licenses":"https://github.com/handnot2/esaml","normalized_licenses":["MulanPSL-2.0"],"repository_url":"https://github.com/dropbox/esaml","keywords_array":[],"namespace":null,"versions_count":16,"first_release_published_at":"2017-08-30T19:39:43.991Z","latest_release_published_at":"2024-01-29T19:57:38.322Z","latest_release_number":"4.6.0","last_synced_at":"2026-04-03T18:12:10.828Z","created_at":"2022-04-11T00:00:50.487Z","updated_at":"2026-04-04T16:12:44.795Z","registry_url":"https://hex.pm/packages/esaml/","install_command":"mix hex.package fetch esaml ","documentation_url":"http://hexdocs.pm/esaml/","metadata":{},"repo_metadata":{"id":40756994,"uuid":"427122687","full_name":"dropbox/esaml","owner":"dropbox","description":"Erlang SAML library, SSO and SLO, with Cowboy integration","archived":false,"fork":true,"pushed_at":"2024-07-01T22:17:22.000Z","size":474,"stargazers_count":23,"open_issues_count":4,"forks_count":22,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-15T12:25:31.406Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Erlang","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"handnot2/esaml","license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dropbox.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-11-11T19:43:11.000Z","updated_at":"2025-08-26T18:44:32.000Z","dependencies_parsed_at":"2023-02-01T05:00:45.305Z","dependency_job_id":null,"html_url":"https://github.com/dropbox/esaml","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/dropbox/esaml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dropbox","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30936364,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-25T17:54:13.764Z","status":"ssl_error","status_checked_at":"2026-03-25T17:54:02.372Z","response_time":80,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"dropbox","name":"Dropbox","uuid":"559357","kind":"organization","description":"","email":null,"website":"https://dropbox.com/","location":"San Francisco","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/559357?v=4","repositories_count":228,"last_synced_at":"2024-12-17T01:03:25.965Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/dropbox","funding_links":[],"total_stars":58809,"followers":598,"following":0,"created_at":"2022-11-02T16:38:13.465Z","updated_at":"2024-12-17T01:03:25.966Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dropbox","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dropbox/repositories"},"tags":[{"name":"v4.2.0","sha":"ec1212c57931fea81f337bc2d8a26ad651904df1","kind":"commit","published_at":"2019-02-10T17:22:37.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v4.2.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v4.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v4.2.0/manifests"},{"name":"v4.1.0","sha":"5a4fd213f82e0d2777834cb5e529efe571c45166","kind":"commit","published_at":"2019-01-31T00:04:04.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v4.1.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v4.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v4.1.0/manifests"},{"name":"v4.0.0","sha":"caa2710d6e8248794ae3451654f241a08a7b4cc0","kind":"commit","published_at":"2018-12-22T02:11:59.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v4.0.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v4.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v4.0.0/manifests"},{"name":"v3.6.1","sha":"37719246dcf2e91ea81eddf38d11577754f54b68","kind":"commit","published_at":"2018-10-19T18:03:56.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.6.1","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.6.1/manifests"},{"name":"v3.6.0","sha":"6948f14d818aa8851ad21142aae286ac3abe00fc","kind":"commit","published_at":"2018-09-18T23:40:26.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.6.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.6.0/manifests"},{"name":"v3.5.0","sha":"93185eab3909de3317ab024c1a5860159cf0313b","kind":"commit","published_at":"2018-07-23T16:50:47.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.5.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.5.0/manifests"},{"name":"v3.4.0","sha":"1c8a6403ee1dbc84c8527f5b9de0c5211b5e5326","kind":"commit","published_at":"2018-02-24T22:34:50.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.4.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.4.0/manifests"},{"name":"v3.3.0","sha":"5a21a83d71c9d6c133c66b9ce6d89bab8b028552","kind":"commit","published_at":"2017-12-01T07:20:35.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.3.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.3.0/manifests"},{"name":"v3.2.0","sha":"b466278bd0eeff29711c5ba17b512613ba4d7633","kind":"commit","published_at":"2017-11-17T23:36:18.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.2.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.2.0/manifests"},{"name":"v3.1.0","sha":"519527b389438e02835187dad9f583068e1ccd4a","kind":"commit","published_at":"2017-10-02T03:15:21.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.1.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.1.0/manifests"},{"name":"v3.0.1","sha":"e83ddf515473326c9bdcf0436b5028a82d58ed00","kind":"tag","published_at":"2017-08-30T19:40:45.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.0.1","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.0.1/manifests"},{"name":"v2.1.0","sha":"a5018d2c69fe3db793c9a4cbee65348807810857","kind":"tag","published_at":"2017-08-30T18:55:23.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v2.1.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v2.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v2.1.0/manifests"},{"name":"v3.0.0","sha":"9b7c3b1fe14ae9ffd475b892915965fa1e44b1f5","kind":"tag","published_at":"2017-08-30T18:45:23.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v3.0.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v3.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v3.0.0/manifests"},{"name":"2.0.0","sha":"bab6bd8fabb15c562e0717ba77b6f4a5183d73e7","kind":"tag","published_at":"2017-03-09T10:18:05.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/2.0.0","html_url":"https://github.com/dropbox/esaml/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@2.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/2.0.0/manifests"},{"name":"v1.1","sha":"b1857b9a865423736bc8be11bb82cd45957683d3","kind":"commit","published_at":"2015-04-02T04:03:54.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v1.1","html_url":"https://github.com/dropbox/esaml/releases/tag/v1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v1.1/manifests"},{"name":"v1.0","sha":"baa5355d37f6599b577fe11a210adf02f89e0bcd","kind":"commit","published_at":"2014-07-24T13:09:13.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v1.0","html_url":"https://github.com/dropbox/esaml/releases/tag/v1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v1.0/manifests"},{"name":"v0.1","sha":"b6f3a918ac935d789f93c956548dce1ace0182c4","kind":"commit","published_at":"2013-10-31T10:11:00.000Z","download_url":"https://codeload.github.com/dropbox/esaml/tar.gz/v0.1","html_url":"https://github.com/dropbox/esaml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/dropbox/esaml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2026-04-03T18:12:10.465Z","dependent_packages_count":2,"downloads":2754695,"downloads_period":"total","dependent_repos_count":10,"rankings":{"downloads":2.8577059519117065,"dependent_repos_count":6.017606096439364,"dependent_packages_count":6.971548721992246,"stargazers_count":20.151116951379763,"forks_count":11.049796347391933,"docker_downloads_count":null,"average":9.409554813823004},"purl":"pkg:hex/esaml","advisories":[{"uuid":"GSA_kwCzR0hTQS00ZzJoLXZtN3gtNzQ3Y84ABUBu","url":"https://github.com/advisories/GHSA-4g2h-vm7x-747c","title":"esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages","description":"XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages.\n\nesaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages.\n\nThis issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-03-23T12:30:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2026-28809","https://cna.erlef.org/cves/CVE-2026-28809.html","https://github.com/advisories/GHSA-4g2h-vm7x-747c"],"source_kind":"github","identifiers":["GHSA-4g2h-vm7x-747c","CVE-2026-28809"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-25T20:00:09.487Z","updated_at":"2026-04-04T15:00:32.362Z","epss_percentage":0.00063,"epss_percentile":0.19552,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00ZzJoLXZtN3gtNzQ3Y84ABUBu","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00ZzJoLXZtN3gtNzQ3Y84ABUBu","packages":[{"ecosystem":"hex","package_name":"esaml","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 4.6.0"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00ZzJoLXZtN3gtNzQ3Y84ABUBu/related_packages","related_advisories":[{"uuid":"EEF-CVE-2026-28809","source_kind":"erlef","url":"https://cna.erlef.org/cves/CVE-2026-28809.html"}]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/hex/esaml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/hex/esaml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/hex/esaml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-07-31T07:55:39.113Z","issues_count":0,"pull_requests_count":11,"avg_time_to_close_issue":null,"avg_time_to_close_pull_request":2237879.0,"issues_closed_count":0,"pull_requests_closed_count":9,"pull_request_authors_count":10,"issue_authors_count":0,"avg_comments_per_issue":null,"avg_comments_per_pull_request":1.4545454545454546,"merged_pull_requests_count":6,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":0,"past_year_pull_requests_count":4,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":34.333333333333336,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":3,"past_year_pull_request_authors_count":3,"past_year_issue_authors_count":0,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":1.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/dropbox%2Fesaml/issues","maintainers":[{"login":"k-cross","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/k-cross"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/hex.pm/packages/esaml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/hex.pm/packages/esaml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/hex.pm/packages/esaml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/hex.pm/packages/esaml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/hex.pm/packages/esaml/codemeta","maintainers":[{"uuid":"handnot2","login":"handnot2","name":null,"email":"handnot2@gmail.com","url":null,"packages_count":6,"html_url":"https://hex.pm/users/handnot2","role":null,"created_at":"2022-11-08T10:23:27.563Z","updated_at":"2022-11-08T10:23:27.563Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/hex.pm/maintainers/handnot2/packages"},{"uuid":"kmc","login":"kmc","name":null,"email":"kencross@dropbox.com","url":null,"packages_count":2,"html_url":"https://hex.pm/users/kmc","role":null,"created_at":"2022-11-08T10:23:27.571Z","updated_at":"2022-11-08T10:23:27.571Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/hex.pm/maintainers/kmc/packages"}]}