Security Advisories · php/php-src · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
GHSA-453j-q27h-5p8x published Jul 3, 2025 by bukka

Moderate
pgsql extension does not check for errors during escaping
GHSA-hrwm-9436-5mv3 published Jul 3, 2025 by bukka

Moderate
Stream HTTP wrapper truncate redirect location to 1024 bytes
GHSA-52jp-hrpf-2jff published Mar 13, 2025 by bukka

Moderate
Streams HTTP wrapper does not fail for headers with invalid name and no colon
GHSA-pcmh-g36c-qc44 published Mar 13, 2025 by bukka

Moderate
Possible out of bounds read when XML_OPTION_SKIP_TAGSTART used
GHSA-wg4p-4hqh-c3g9 published Mar 13, 2025 by bukka

Low
Header parser of `http` stream wrapper does not handle folded headers
GHSA-v8xr-gpvj-cx9g published Mar 13, 2025 by bukka

Moderate
libxml streams use wrong `content-type` header when requesting a redirected resource
GHSA-p3x9-6h7p-cgfc published Mar 13, 2025 by bukka

Moderate
Stream HTTP wrapper header check might omit basic auth header
GHSA-hgf5-96fm-v528 published Mar 13, 2025 by bukka

Moderate
Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
GHSA-4w77-75f9-2c8w published Nov 21, 2024 by bukka

Low
Single byte overread with convert.quoted-printable-decode filter
GHSA-r977-prxv-hc43 published Nov 21, 2024 by bukka

Moderate