-
Notifications
You must be signed in to change notification settings - Fork 7.9k
Security: php/php-src
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace PrefixGHSA-453j-q27h-5p8x published
Jul 3, 2025 by bukkaModerate -
pgsql extension does not check for errors during escapingGHSA-hrwm-9436-5mv3 published
Jul 3, 2025 by bukkaModerate -
Stream HTTP wrapper truncate redirect location to 1024 bytesGHSA-52jp-hrpf-2jff published
Mar 13, 2025 by bukkaModerate -
Streams HTTP wrapper does not fail for headers with invalid name and no colonGHSA-pcmh-g36c-qc44 published
Mar 13, 2025 by bukkaModerate -
Possible out of bounds read when XML_OPTION_SKIP_TAGSTART usedGHSA-wg4p-4hqh-c3g9 published
Mar 13, 2025 by bukkaLow -
Header parser of `http` stream wrapper does not handle folded headersGHSA-v8xr-gpvj-cx9g published
Mar 13, 2025 by bukkaModerate -
libxml streams use wrong `content-type` header when requesting a redirected resourceGHSA-p3x9-6h7p-cgfc published
Mar 13, 2025 by bukkaModerate -
Stream HTTP wrapper header check might omit basic auth headerGHSA-hgf5-96fm-v528 published
Mar 13, 2025 by bukkaModerate -
Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI InterfaceGHSA-4w77-75f9-2c8w published
Nov 21, 2024 by bukkaLow -
Single byte overread with convert.quoted-printable-decode filterGHSA-r977-prxv-hc43 published
Nov 21, 2024 by bukkaModerate