vulnerability in PyTrustNFe project

While working on the PyTrustNFe project, we discovered a signature verification vulnerability in the Python library SignXML(this dependency used by PyTrustNFe), tracked as [CVE-2025-48994](https://vulert.com/vuln-db/CVE-2025-48994). SignXML is commonly used for generating and verifying XML signatures in secure data transmission workflows. Attacker could craft a signature using an unexpected asymmetric algorithm 
[CVE Link](https://vulert.com/vuln-db/CVE-2025-48994)
[CVE Report](https://vulert.com/vuln-scan/list/af0ba7d4-a155-4917-a01d-7ef0c4454def?sort_order=desc&sort_by=created_at)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

vulnerability in PyTrustNFe project #336

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

vulnerability in PyTrustNFe project #336

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions