Launchpad.net

CVE 2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.

See the CVE page on Mitre.org for more details.