Missing PHP/composer/packagist vulnerabilities

[G-Rath]

I was comparing the results of osv-detector to local-php-security-checker and found a few advisories that don't seem to be in the database:

https://symfony.com/blog/twig-sandbox-information-disclosure
https://nvd.nist.gov/vuln/detail/CVE-2017-9841
https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
https://github.com/FriendsOfPHP/security-advisories/blob/master/erusev/parsedown/CVE-2018-1000162.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/erusev/parsedown/CVE-2019-10905.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/sabberworm/php-css-parser/CVE-2020-13756.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-05-18.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-03-01.yaml
https://framework.zend.com/security/advisory/ZF2018-01
https://www.silverstripe.org/download/security-releases/cve-2020-26138/
https://www.silverstripe.org/download/security-releases/cve-2021-25817/

Most of them seem like they should be straightforward to add, though the Zend Framework one(s) I'm not so sure about.
Let me know if I can help in anyway.

[darakian]

Got all but two out. Double check me, but most of the info comes from friends of PHP.

Zend is presenting a few issues so, I'll get to that next week.

CVE-2021-25817 - https://nvd.nist.gov/vuln/detail/CVE-2021-25817
Has not yet made it to mitre, so I'm holding off on that for now.

[KateCatlin]

Looks like this has been resolved so I'm going to close this issue, thanks all!