Security: php/php-src
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
password_verify can erroneously return true, opening ATO riskGHSA-h746-cjrr-wfmr published
Apr 11, 2024 by bukkaLow -
mb_encode_mimeheader runs endlessly for some inputsGHSA-fjp9-9hwx-59fq published
Apr 11, 2024 by bukkaHigh -
Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on WindowsGHSA-pc52-254m-w9w7 published
Apr 11, 2024 by bukkaCritical -
PHP is vulnerable to the Marvin AttackGHSA-hh26-4ppw-5864 published
Jun 6, 2024 by bukkaModerate -
Security issue with external entity loading in XML without enabling itGHSA-3qrf-m4j2-pcrr published
Aug 5, 2023 by smalyshevHigh -
Buffer overflow and overread in phar_dir_read()GHSA-jqcx-ccgc-xwhv published
Aug 5, 2023 by smalyshevCritical -
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAPGHSA-76gg-c692-v2mw published
Jun 12, 2023 by bukkaLow -
BCrypt hashes erroneously validate if the salt is cut short by `$`GHSA-7fj2-8x79-rjf4 published
Feb 15, 2023 by smalyshevLow -
DoS vulnerability when parsing multipart request bodyGHSA-54hq-v5wp-fqgv published
Feb 15, 2023 by smalyshevHigh