Uncontrolled Resource Consumption
When applying Transforms, remote attackers could cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Advisories for Maven/Xml-Security/Xmlsec package
2014
2013
Cryptographic Issues
Attackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the SignedInfo part of the Signature.