Skip to content

Google OSV scanner is still reporting CVE-2026-49283 and CVE-2026-49289 for v4.19.3 (simplesamlphp/saml2) #420

Description

@HdeBruijnDeveloper

According to page GHSA-5cjr-mxj5-wmrx the CVE CVE-2026-49289 is fixed in v4.19.3.
Same applies for CVE-2026-49283, see GHSA-6929-8p9f-26jx

But there is no mentioning of these fixes on GHSA-5cjr-mxj5-wmrx and GHSA-6929-8p9f-26jx

After updating the package to v4.19.3 in our project both CVE's are still reported by the OSV Scanner

Should v4.19.3 be added to both pages GHSA-5cjr-mxj5-wmrx and GHSA-6929-8p9f-26jx?

If so can this be done?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions