Security: php/php-src
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Reference counting in php_request_shutdown causes Use-After-Free (GHSA-rwp7-7vc6-8477), published Mar 13, 2025 by bukka. Severity: Moderate
- Integer overflow in the firebird and dblib quoters causing OOB writes (GHSA-5hqh-c84r-qjcv), published Nov 21, 2024 by bukka. Severity: Moderate
- Configuring a proxy in a stream context might allow for CRLF injection in URIs (GHSA-c5f2-jwm7-mmq2), published Nov 21, 2024 by bukka. Severity: Moderate
- OOB access in ldap_escape (GHSA-g665-fm4p-vhff), published Nov 21, 2024 by bukka. Severity: Moderate
- [Mysqlnd] Leak partial content of the heap through heap buffer over-read (GHSA-h35g-vwh6-m678), published Nov 21, 2024 by bukka. Severity: High
- [PHP-FPM] Logs from childrens may be altered (GHSA-865w-9rf3-2wh5), published Sep 27, 2024 by bukka. Severity: Low
- Null byte termination in hostnames (GHSA-3cr5-j632-f35r), published Jul 3, 2025 by bukka. Severity: Low
- Erroneous parsing of multipart form data (GHSA-9pqp-7h25-4f32), published Sep 27, 2024 by bukka. Severity: Low
- PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) (GHSA-p99j-rfp4-xqvq), published Sep 27, 2024 by bukka. Severity: Moderate
- cgi.force_redirect configuration is bypassable due to the environment variable collision (GHSA-94p6-54jq-9mwp), published Sep 27, 2024 by bukka. Severity: Moderate