[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-10127":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":37,"related":38,"reserved_at":9,"published_at":42,"modified_at":43,"state":44,"summary":45,"references_raw":54,"kevs":114,"epss":115,"epss_history":118,"metrics":378,"affected":394},"CVE-2016-10127","PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-611","Improper Restriction of XML External Entity Reference","The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-221","Data Serialization External Entities Blowup",[],[],[25,26],"GHSA-m269-wj6g-c459","PYSEC-2017-67",[],[29,31,33,35],{"_key":30},"SUSE-SU-2019:2867-1",{"_key":32},"SUSE-SU-2017:0569-1",{"_key":34},"SUSE-SU-2019:2671-1",{"_key":36},"DEBIAN-CVE-2016-10127",[],[39,40,41],{"_key":30},{"_key":32},{"_key":34},"2017-03-03T15:00:00.000Z","2024-08-06T03:14:41.302Z","Modified",{"cisa_kev":46,"cisa_ransomware":46,"cisa_vendor":9,"epss_severity":47,"epss_score":48,"severity":49,"severity_score":50,"severity_version":51,"severity_source":52,"severity_vector":53,"severity_status":44},false,"low",0.00471,"critical",9,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",[55,66,70,77,82,88,92,97,101,105,110],{"url":56,"sources":57,"tags":60},"https://github.com/rohe/pysaml2/issues/366",[58,52,59],"cve.org","osv_pypi",[61,62,63,64,65],"X Refsource MISC","Issue Tracking","Patch","WEB","REPORT",{"url":67,"sources":68,"tags":69},"https://github.com/rohe/pysaml2/pull/379",[58,52,59],[61,62,63,64],{"url":71,"sources":72,"tags":73},"http://www.openwall.com/lists/oss-security/2017/01/19/5",[58,52,59],[74,75,76,64],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":78,"sources":79,"tags":80},"https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b",[58,52,59],[61,63,64,81],"FIX",{"url":83,"sources":84,"tags":85},"http://www.securityfocus.com/bid/95376",[58,52,59],[86,87,64],"VDB Entry","X Refsource BID",{"url":89,"sources":90,"tags":91},"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716",[58,52,59],[61,74,76,64],{"url":93,"sources":94,"tags":95},"https://nvd.nist.gov/vuln/detail/CVE-2016-10127",[59],[96],"Advisory",{"url":98,"sources":99,"tags":100},"https://github.com/advisories/GHSA-m269-wj6g-c459",[59],[96],{"url":102,"sources":103,"tags":104},"https://github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2017-67.yaml",[59],[64],{"url":106,"sources":107,"tags":108},"https://github.com/rohe/pysaml2",[59],[109],"PACKAGE",{"url":111,"sources":112,"tags":113},"https://web.archive.org/web/20200227195127/http://www.securityfocus.com/bid/95376",[59],[64],[],{"date":116,"score":48,"percentile":117},"2026-06-04",0.64962,[119,123,126,129,132,134,137,140,143,146,149,152,155,158,160,163,166,169,172,175,178,181,184,186,189,192,195,198,201,204,207,209,212,215,217,220,223,226,229,232,235,237,240,243,246,249,252,254,257,260,263,266,269,272,275,277,280,283,286,289,292,294,297,300,303,306,309,312,314,316,319,322,325,328,331,334,337,340,343,346,349,352,355,357,360,363,366,369,372,375],{"date":120,"score":121,"percentile":122},"2025-11-04",0.00778,0.72874,{"date":124,"score":121,"percentile":125},"2025-11-05",0.7286,{"date":127,"score":121,"percentile":128},"2025-11-06",0.72859,{"date":130,"score":121,"percentile":131},"2025-11-07",0.72876,{"date":133,"score":121,"percentile":131},"2025-11-08",{"date":135,"score":121,"percentile":136},"2025-11-09",0.72869,{"date":138,"score":121,"percentile":139},"2025-11-10",0.72863,{"date":141,"score":121,"percentile":142},"2025-11-11",0.72868,{"date":144,"score":121,"percentile":145},"2025-11-12",0.72886,{"date":147,"score":121,"percentile":148},"2025-11-13",0.72893,{"date":150,"score":121,"percentile":151},"2025-11-14",0.72899,{"date":153,"score":121,"percentile":154},"2025-11-15",0.72897,{"date":156,"score":121,"percentile":157},"2025-11-16",0.72892,{"date":159,"score":121,"percentile":145},"2025-11-17",{"date":161,"score":121,"percentile":162},"2025-11-18",0.71532,{"date":164,"score":121,"percentile":165},"2025-11-19",0.71539,{"date":167,"score":121,"percentile":168},"2025-11-20",0.71547,{"date":170,"score":121,"percentile":171},"2025-11-21",0.72906,{"date":173,"score":121,"percentile":174},"2025-11-22",0.72902,{"date":176,"score":121,"percentile":177},"2025-11-23",0.72884,{"date":179,"score":121,"percentile":180},"2025-11-24",0.72877,{"date":182,"score":121,"percentile":183},"2025-11-25",0.72879,{"date":185,"score":121,"percentile":177},"2025-11-26",{"date":187,"score":121,"percentile":188},"2025-11-27",0.72888,{"date":190,"score":121,"percentile":191},"2025-11-28",0.72881,{"date":193,"score":121,"percentile":194},"2025-11-29",0.7287,{"date":196,"score":121,"percentile":197},"2025-11-30",0.72864,{"date":199,"score":121,"percentile":200},"2025-12-01",0.72996,{"date":202,"score":121,"percentile":203},"2025-12-02",0.73008,{"date":205,"score":121,"percentile":206},"2025-12-03",0.73007,{"date":208,"score":121,"percentile":131},"2025-12-04",{"date":210,"score":121,"percentile":211},"2025-12-05",0.72885,{"date":213,"score":121,"percentile":214},"2025-12-06",0.72883,{"date":216,"score":121,"percentile":145},"2025-12-07",{"date":218,"score":121,"percentile":219},"2025-12-08",0.72889,{"date":221,"score":121,"percentile":222},"2025-12-09",0.72917,{"date":224,"score":121,"percentile":225},"2025-12-10",0.72951,{"date":227,"score":121,"percentile":228},"2025-12-11",0.72969,{"date":230,"score":121,"percentile":231},"2025-12-12",0.72991,{"date":233,"score":121,"percentile":234},"2025-12-13",0.72999,{"date":236,"score":121,"percentile":200},"2025-12-14",{"date":238,"score":121,"percentile":239},"2025-12-15",0.72997,{"date":241,"score":121,"percentile":242},"2025-12-16",0.73006,{"date":244,"score":121,"percentile":245},"2025-12-17",0.73019,{"date":247,"score":121,"percentile":248},"2025-12-18",0.73041,{"date":250,"score":121,"percentile":251},"2025-12-19",0.73059,{"date":253,"score":121,"percentile":251},"2025-12-20",{"date":255,"score":121,"percentile":256},"2025-12-21",0.73055,{"date":258,"score":121,"percentile":259},"2025-12-22",0.73054,{"date":261,"score":121,"percentile":262},"2025-12-23",0.73044,{"date":264,"score":121,"percentile":265},"2025-12-24",0.73053,{"date":267,"score":121,"percentile":268},"2025-12-25",0.73081,{"date":270,"score":121,"percentile":271},"2025-12-26",0.7308,{"date":273,"score":121,"percentile":274},"2025-12-27",0.73092,{"date":276,"score":121,"percentile":256},"2025-12-28",{"date":278,"score":121,"percentile":279},"2025-12-29",0.7305,{"date":281,"score":121,"percentile":282},"2025-12-30",0.73065,{"date":284,"score":121,"percentile":285},"2025-12-31",0.73094,{"date":287,"score":121,"percentile":288},"2026-01-01",0.73243,{"date":290,"score":121,"percentile":291},"2026-01-02",0.73241,{"date":293,"score":121,"percentile":291},"2026-01-03",{"date":295,"score":121,"percentile":296},"2026-01-04",0.73105,{"date":298,"score":121,"percentile":299},"2026-01-05",0.73096,{"date":301,"score":121,"percentile":302},"2026-01-06",0.7311,{"date":304,"score":121,"percentile":305},"2026-01-07",0.73121,{"date":307,"score":121,"percentile":308},"2026-01-08",0.7313,{"date":310,"score":121,"percentile":311},"2026-01-09",0.73133,{"date":313,"score":121,"percentile":308},"2026-01-10",{"date":315,"score":121,"percentile":305},"2026-01-11",{"date":317,"score":121,"percentile":318},"2026-01-12",0.73111,{"date":320,"score":121,"percentile":321},"2026-01-13",0.73108,{"date":323,"score":121,"percentile":324},"2026-01-14",0.73134,{"date":326,"score":121,"percentile":327},"2026-01-15",0.73141,{"date":329,"score":121,"percentile":330},"2026-01-16",0.73157,{"date":332,"score":121,"percentile":333},"2026-01-17",0.73153,{"date":335,"score":121,"percentile":336},"2026-01-18",0.73131,{"date":338,"score":121,"percentile":339},"2026-01-19",0.73122,{"date":341,"score":121,"percentile":342},"2026-01-20",0.73127,{"date":344,"score":48,"percentile":345},"2026-01-21",0.64035,{"date":347,"score":48,"percentile":348},"2026-01-22",0.64043,{"date":350,"score":48,"percentile":351},"2026-01-23",0.64073,{"date":353,"score":48,"percentile":354},"2026-01-24",0.64077,{"date":356,"score":48,"percentile":348},"2026-01-25",{"date":358,"score":48,"percentile":359},"2026-01-26",0.6403,{"date":361,"score":48,"percentile":362},"2026-01-27",0.6404,{"date":364,"score":48,"percentile":365},"2026-01-28",0.64049,{"date":367,"score":48,"percentile":368},"2026-01-29",0.6405,{"date":370,"score":48,"percentile":371},"2026-01-30",0.64059,{"date":373,"score":48,"percentile":374},"2026-01-31",0.64062,{"date":376,"score":48,"percentile":377},"2026-02-01",0.64208,[379,389],{"source":52,"cvss_v2_0":380,"cvss_v3_0":385,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":381,"baseSeverity":9,"vectorString":382,"impactScore":383,"exploitabilityScore":384},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":50,"baseSeverity":386,"vectorString":53,"impactScore":387,"exploitabilityScore":388},"CRITICAL",10,5.9,{"source":59,"cvss_v2_0":9,"cvss_v3_0":390,"cvss_v3_1":9,"cvss_v4_0":391},{"baseScore":50,"baseSeverity":9,"vectorString":53,"impactScore":387,"exploitabilityScore":388},{"baseScore":392,"baseSeverity":9,"vectorString":393,"impactScore":9,"exploitabilityScore":9},9.4,"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[395,409],{"ecosystem":396,"name":397,"vendor":396,"product":397,"cpe_part":9,"purl_type":398,"purl_namespace":9,"purl_name":397,"source":9,"versions":399},"PyPI","pysaml2","pypi",[400,406],{"version":401,"is_range":402,"range_type":403,"version_start":9,"version_start_type":9,"version_end":404,"version_end_type":405,"fixed_in":9},"lt6e09a25d9b4b7aa7a506853210a9a14100b8bc9b",true,"ecosystem","6e09a25d9b4b7aa7a506853210a9a14100b8bc9b","excluding",{"version":407,"is_range":402,"range_type":403,"version_start":9,"version_start_type":9,"version_end":408,"version_end_type":405,"fixed_in":9},"lt4_5_0","4.5.0",{"ecosystem":9,"name":397,"vendor":410,"product":397,"cpe_part":411,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"pysaml2_project","a",[413],{"version":414,"is_range":46,"range_type":415,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na","cpe"]