Security: php/php-src
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Possible out of bounds read when XML_OPTION_SKIP_TAGSTART usedGHSA-wg4p-4hqh-c3g9 published
Mar 13, 2025 by bukkaLow -
Header parser of `http` stream wrapper does not handle folded headersGHSA-v8xr-gpvj-cx9g published
Mar 13, 2025 by bukkaModerate -
libxml streams use wrong `content-type` header when requesting a redirected resourceGHSA-p3x9-6h7p-cgfc published
Mar 13, 2025 by bukkaModerate -
Stream HTTP wrapper header check might omit basic auth headerGHSA-hgf5-96fm-v528 published
Mar 13, 2025 by bukkaModerate -
Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI InterfaceGHSA-4w77-75f9-2c8w published
Nov 21, 2024 by bukkaLow -
Single byte overread with convert.quoted-printable-decode filterGHSA-r977-prxv-hc43 published
Nov 21, 2024 by bukkaModerate -
Reference counting in php_request_shutdown causes Use-After-FreeGHSA-rwp7-7vc6-8477 published
Mar 13, 2025 by bukkaModerate -
Integer overflow in the firebird and dblib quoters causing OOB writesGHSA-5hqh-c84r-qjcv published
Nov 21, 2024 by bukkaModerate -
Configuring a proxy in a stream context might allow for CRLF injection in URIsGHSA-c5f2-jwm7-mmq2 published
Nov 21, 2024 by bukkaModerate -
OOB access in ldap_escapeGHSA-g665-fm4p-vhff published
Nov 21, 2024 by bukkaModerate