HTTP Client
11
Total requests
0
HTTP errors
Clients
http_client 11
Requests
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "guzzlehttp/guzzle" "guzzlehttp/promises" "guzzlehttp/psr7" "paynl/php-sdk" "psr/container" "psr/http-client" "psr/http-factory" "psr/http-message" "ralouphie/getallheaders" "symfony/deprecation-contracts" "async-aws/core" "brick/math" "cocur/slugify" "composer/ca-bundle" "composer/class-map-generator" "composer/composer" "composer/metadata-minifier" "composer/pcre" "composer/semver" "composer/spdx-licenses" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 758 "total_time" => 0.052946 "namelookup_time" => 0.000241 "connect_time" => 0.005378 "pretransfer_time" => 0.01274 "size_download" => 3053.0 "speed_download" => 57662.0 "starttransfer_time" => 0.052644 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "appconnect_time_us" => 12608 "connect_time_us" => 5378 "namelookup_time_us" => 241 "pretransfer_time_us" => 12740 "starttransfer_time_us" => 52644 "posttransfer_time_us" => 12740 "total_time_us" => 52946 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.0652 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=guzzlehttp/guzzle&packages[1]=guzzlehttp/promises&packages[2]=guzzlehttp/psr7&packages[3]=paynl/php-sdk&packages[4]=psr/container&packages[5]=psr/http-client&packages[6]=psr/http-factory&packages[7]=psr/http-message&packages[8]=ralouphie/getallheaders&packages[9]=symfony/deprecation-contracts&packages[10]=async-aws/core&packages[11]=brick/math&packages[12]=cocur/slugify&packages[13]=composer/ca-bundle&packages[14]=composer/class-map-generator&packages[15]=composer/composer&packages[16]=composer/metadata-minifier&packages[17]=composer/pcre&packages[18]=composer/semver&packages[19]=composer/spdx-licenses" "pause_handler" => Closure(float $duration) {#1236 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1245 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775808 } } "debug" => """ * Host packagist.org:443 was resolved.\n * IPv6: (none)\n * IPv4: 169.150.247.35\n * Trying 169.150.247.35:443...\n * ALPN: curl offers h2,http/1.1\n * SSL Trust Anchors:\n * CAfile: /etc/pki/tls/certs/ca-bundle.crt\n * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF\n * ALPN: server accepted h2\n * Server certificate:\n * subject: CN=packagist.org\n * start date: Jun 7 18:01:52 2026 GMT\n * expire date: Sep 5 18:01:51 2026 GMT\n * issuer: C=US; O=Let's Encrypt; CN=YR1\n * Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption\n * Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption\n * Certificate level 2: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption\n * Certificate level 3: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption\n * subjectAltName: "packagist.org" matches cert's "packagist.org"\n * OpenSSL verify result: 0\n * SSL certificate verified via OpenSSL.\n * Established connection to packagist.org (169.150.247.35 port 443) from 45.152.250.86 port 16816 \n * using HTTP/2\n * [HTTP/2] [1] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=guzzlehttp/guzzle&packages[1]=guzzlehttp/promises&packages[2]=guzzlehttp/psr7&packages[3]=paynl/php-sdk&packages[4]=psr/container&packages[5]=psr/http-client&packages[6]=psr/http-factory&packages[7]=psr/http-message&packages[8]=ralouphie/getallheaders&packages[9]=symfony/deprecation-contracts&packages[10]=async-aws/core&packages[11]=brick/math&packages[12]=cocur/slugify&packages[13]=composer/ca-bundle&packages[14]=composer/class-map-generator&packages[15]=composer/composer&packages[16]=composer/metadata-minifier&packages[17]=composer/pcre&packages[18]=composer/semver&packages[19]=composer/spdx-licenses\n * [HTTP/2] [1] [:method: GET]\n * [HTTP/2] [1] [:scheme: https]\n * [HTTP/2] [1] [:authority: packagist.org]\n * [HTTP/2] [1] [:path: /api/security-advisories/?packages[0]=guzzlehttp/guzzle&packages[1]=guzzlehttp/promises&packages[2]=guzzlehttp/psr7&packages[3]=paynl/php-sdk&packages[4]=psr/container&packages[5]=psr/http-client&packages[6]=psr/http-factory&packages[7]=psr/http-message&packages[8]=ralouphie/getallheaders&packages[9]=symfony/deprecation-contracts&packages[10]=async-aws/core&packages[11]=brick/math&packages[12]=cocur/slugify&packages[13]=composer/ca-bundle&packages[14]=composer/class-map-generator&packages[15]=composer/composer&packages[16]=composer/metadata-minifier&packages[17]=composer/pcre&packages[18]=composer/semver&packages[19]=composer/spdx-licenses]\n * [HTTP/2] [1] [accept: */*]\n * [HTTP/2] [1] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [1] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=guzzlehttp/guzzle&packages[1]=guzzlehttp/promises&packages[2]=guzzlehttp/psr7&packages[3]=paynl/php-sdk&packages[4]=psr/container&packages[5]=psr/http-client&packages[6]=psr/http-factory&packages[7]=psr/http-message&packages[8]=ralouphie/getallheaders&packages[9]=symfony/deprecation-contracts&packages[10]=async-aws/core&packages[11]=brick/math&packages[12]=cocur/slugify&packages[13]=composer/ca-bundle&packages[14]=composer/class-map-generator&packages[15]=composer/composer&packages[16]=composer/metadata-minifier&packages[17]=composer/pcre&packages[18]=composer/semver&packages[19]=composer/spdx-licenses HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1055\r\n < cdn-requestid: 80aa3bec364581858f739a1a19427358\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=guzzlehttp/guzzle&packages[1]=guzzlehttp/promises&packages[2]=guzzlehttp/psr7&packages[3]=paynl/php-sdk&packages[4]=psr/container&packages[5]=psr/http-client&packages[6]=psr/http-factory&packages[7]=psr/http-message&packages[8]=ralouphie/getallheaders&packages[9]=symfony/deprecation-contracts&packages[10]=async-aws/core&packages[11]=brick/math&packages[12]=cocur/slugify&packages[13]=composer/ca-bundle&packages[14]=composer/class-map-generator&packages[15]=composer/composer&packages[16]=composer/metadata-minifier&packages[17]=composer/pcre&packages[18]=composer/semver&packages[19]=composer/spdx-licenses" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1055" "cdn-requestid: 80aa3bec364581858f739a1a19427358" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "guzzlehttp/guzzle" => [ [ "advisoryId" => "PKSA-yfw5-9gnj-n2c7" "packageName" => "guzzlehttp/guzzle" "remoteId" => "guzzlehttp/guzzle/CVE-2022-31091.yaml" "title" => "Change in port should be considered a change in origin" "link" => "https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699" "cve" => "CVE-2022-31091" "affectedVersions" => ">=7,<7.4.5|>=4,<6.5.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-06-20 22:24:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-q559-8m2m-g699" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "guzzlehttp/guzzle/CVE-2022-31091.yaml" ] ] ] [ "advisoryId" => "PKSA-k1b4-kshy-xgbh" "packageName" => "guzzlehttp/guzzle" "remoteId" => "guzzlehttp/guzzle/CVE-2022-31090.yaml" "title" => "CURLOPT_HTTPAUTH option not cleared on change of origin" "link" => "https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r" "cve" => "CVE-2022-31090" "affectedVersions" => ">=7,<7.4.5|>=4,<6.5.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-06-20 22:24:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-25mq-v84q-4j7r" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "guzzlehttp/guzzle/CVE-2022-31090.yaml" ] ] ] [ "advisoryId" => "PKSA-2z36-j4q9-rsfy" "packageName" => "guzzlehttp/guzzle" "remoteId" => "guzzlehttp/guzzle/CVE-2022-31043.yaml" "title" => "Fix failure to strip Authorization header on HTTP downgrade" "link" => "https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q" "cve" => "CVE-2022-31043" "affectedVersions" => ">=7,<7.4.4|>=4,<6.5.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-06-09 23:36:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-w248-ffj2-4v5q" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "guzzlehttp/guzzle/CVE-2022-31043.yaml" ] ] ] [ "advisoryId" => "PKSA-fvw5-9t6n-nwvr" "packageName" => "guzzlehttp/guzzle" "remoteId" => "guzzlehttp/guzzle/CVE-2022-31042.yaml" "title" => "Failure to strip the Cookie header on change in host or HTTP downgrade" "link" => "https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9" "cve" => "CVE-2022-31042" "affectedVersions" => ">=7,<7.4.4|>=4,<6.5.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-06-09 23:36:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-f2wf-25xc-69c9" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "guzzlehttp/guzzle/CVE-2022-31042.yaml" ] ] ] [ "advisoryId" => "PKSA-6d8m-6kgw-18zr" "packageName" => "guzzlehttp/guzzle" "remoteId" => "guzzlehttp/guzzle/CVE-2022-29248.yaml" "title" => "Cross-domain cookie leakage" "link" => "https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3" "cve" => "CVE-2022-29248" "affectedVersions" => ">=7,<7.4.3|>=4,<6.5.6" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-05-25 13:21:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-cwmx-hcrq-mhc3" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "guzzlehttp/guzzle/CVE-2022-29248.yaml" ] ] ] [ "advisoryId" => "PKSA-stmn-hvzq-wph6" "packageName" => "guzzlehttp/guzzle" "remoteId" => "guzzlehttp/guzzle/CVE-2016-5385.yaml" "title" => "HTTP Proxy header vulnerability" "link" => "https://github.com/guzzle/guzzle/releases/tag/6.2.1" "cve" => "CVE-2016-5385" "affectedVersions" => ">=6,<6.2.1|>=4.0.0-rc2,<4.2.4|>=5,<5.3.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2015-07-15 17:14:23" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-m6ch-gg5f-wxx3" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "guzzlehttp/guzzle/CVE-2016-5385.yaml" ] ] ] ] "guzzlehttp/psr7" => [ [ "advisoryId" => "PKSA-jj5t-2zs1-dcfm" "packageName" => "guzzlehttp/psr7" "remoteId" => "GHSA-34xg-wgjx-8xph" "title" => "guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation" "link" => "https://github.com/advisories/GHSA-34xg-wgjx-8xph" "cve" => "CVE-2026-48998" "affectedVersions" => "<2.10.2" "source" => "GitHub" "reportedAt" => "2026-06-11 13:04:53" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-34xg-wgjx-8xph" ] ] ] [ "advisoryId" => "PKSA-gm5x-j3mz-71n9" "packageName" => "guzzlehttp/psr7" "remoteId" => "GHSA-hq7v-mx3g-29hw" "title" => "guzzlehttp/psr7 has CRLF Injection via URI Host Component" "link" => "https://github.com/advisories/GHSA-hq7v-mx3g-29hw" "cve" => "CVE-2026-49214" "affectedVersions" => "<2.10.2" "source" => "GitHub" "reportedAt" => "2026-06-11 13:04:47" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-hq7v-mx3g-29hw" ] ] ] [ "advisoryId" => "PKSA-hn62-zkx4-1y5q" "packageName" => "guzzlehttp/psr7" "remoteId" => "guzzlehttp/psr7/CVE-2023-29197.yaml" "title" => "Improper header validation" "link" => "https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw" "cve" => "CVE-2023-29197" "affectedVersions" => ">=2,<2.4.5|<1.9.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2023-04-17 16:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-wxmh-65f7-jcvw" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "guzzlehttp/psr7/CVE-2023-29197.yaml" ] ] ] [ "advisoryId" => "PKSA-gvzg-s447-b5b5" "packageName" => "guzzlehttp/psr7" "remoteId" => "guzzlehttp/psr7/CVE-2022-24775.yaml" "title" => "Inproper parsing of HTTP headers" "link" => "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96" "cve" => "CVE-2022-24775" "affectedVersions" => ">=2,<2.1.1|<1.8.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-03-20 13:44:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-q7rv-6hp3-vh96" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "guzzlehttp/psr7/CVE-2022-24775.yaml" ] ] ] ] "composer/composer" => [ [ "advisoryId" => "PKSA-pwvr-3754-v57r" "packageName" => "composer/composer" "remoteId" => "composer/composer/CVE-2026-45793.yaml" "title" => "Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs" "link" => "https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2" "cve" => "CVE-2026-45793" "affectedVersions" => ">=2.3,<2.9.8|>=2.0.0,<2.2.28|>=1.0,<1.10.28" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-13 07:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "composer/composer/CVE-2026-45793.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-f9f8-rm49-7jv2" ] ] ] [ "advisoryId" => "PKSA-t5r2-p5q9-mtpn" "packageName" => "composer/composer" "remoteId" => "composer/composer/CVE-2026-40261.yaml" "title" => "Command injection via malicious Perforce source reference/url" "link" => "https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q" "cve" => "CVE-2026-40261" "affectedVersions" => ">=2.3,<2.9.6|>=1.0,<2.2.27" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-04-14 09:42:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "composer/composer/CVE-2026-40261.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-gqw4-4w2p-838q" ] ] ] [ "advisoryId" => "PKSA-6bp1-9hfj-2cgv" "packageName" => "composer/composer" "remoteId" => "composer/composer/CVE-2026-40176.yaml" "title" => "Command injection via malicious Perforce repository definition" "link" => "https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p" "cve" => "CVE-2026-40176" "affectedVersions" => ">=2.3,<2.9.6|>=1.0,<2.2.27" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-04-14 09:42:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "composer/composer/CVE-2026-40176.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-wg36-wvj6-r67p" ] ] ] [ "advisoryId" => "PKSA-1gck-s111-yq7g" "packageName" => "composer/composer" "remoteId" => "GHSA-59pp-r3rg-353g" "title" => "Composer is vulnerable to ANSI sequence injection" "link" => "https://github.com/advisories/GHSA-59pp-r3rg-353g" "cve" => "CVE-2025-67746" "affectedVersions" => ">=2.3.0,<2.9.3|>=2.0.0,<2.2.26" "source" => "GitHub" "reportedAt" => "2025-12-30 17:44:10" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-59pp-r3rg-353g" ] ] ] [ "advisoryId" => "PKSA-s25b-vbmp-jvhh" "packageName" => "composer/composer" "remoteId" => "GHSA-47f6-5gq3-vx9c" "title" => "Composer has a command injection via malicious git branch name" "link" => "https://github.com/advisories/GHSA-47f6-5gq3-vx9c" "cve" => "CVE-2024-35241" "affectedVersions" => ">=2.3,<2.7.7|>=2.0,<2.2.24" "source" => "GitHub" "reportedAt" => "2024-06-10 21:36:32" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-47f6-5gq3-vx9c" ] ] ] [ "advisoryId" => "PKSA-b8f7-zn44-r4gz" "packageName" => "composer/composer" "remoteId" => "GHSA-v9qv-c7wm-wgmf" "title" => "Composer has multiple command injections via malicious git/hg branch names" "link" => "https://github.com/advisories/GHSA-v9qv-c7wm-wgmf" "cve" => "CVE-2024-35242" "affectedVersions" => ">=2.3,<2.7.7|>=2.0,<2.2.24" "source" => "GitHub" "reportedAt" => "2024-06-10 21:36:25" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-v9qv-c7wm-wgmf" ] ] ] [ "advisoryId" => "PKSA-jn72-4kr8-gj3h" "packageName" => "composer/composer" "remoteId" => "GHSA-7c6p-848j-wh5h" "title" => "Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php" "link" => "https://github.com/advisories/GHSA-7c6p-848j-wh5h" "cve" => "CVE-2024-24821" "affectedVersions" => ">=2.3.0-rc1,<2.7.0|>=2.0.0-alpha1,<2.2.23" "source" => "GitHub" "reportedAt" => "2024-02-08 15:06:38" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7c6p-848j-wh5h" ] ] ] [ "advisoryId" => "PKSA-m1ph-vmbx-2xd3" "packageName" => "composer/composer" "remoteId" => "GHSA-jm6m-4632-36hf" "title" => "Composer Remote Code Execution vulnerability via web-accessible composer.phar" "link" => "https://github.com/advisories/GHSA-jm6m-4632-36hf" "cve" => "CVE-2023-43655" "affectedVersions" => ">=2.3.0,<2.6.4|>=2.0.0,<2.2.22|<1.10.27" "source" => "GitHub" "reportedAt" => "2023-09-29 20:39:21" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-jm6m-4632-36hf" ] ] ] [ "advisoryId" => "PKSA-6zmq-d6mk-r5wm" "packageName" => "composer/composer" "remoteId" => "composer/composer/CVE-2022-24828.yaml" "title" => "Missing input validation can lead to command execution in composer" "link" => "https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6" "cve" => "CVE-2022-24828" "affectedVersions" => ">=2.3,<2.3.5|>=2.0,<2.2.12|<1.10.26" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-04-13 14:54:58" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "composer/composer/CVE-2022-24828.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-x7cr-6qr6-2hh6" ] ] ] [ "advisoryId" => "PKSA-93hy-9dc1-gbwt" "packageName" => "composer/composer" "remoteId" => "composer/composer/CVE-2021-41116.yaml" "title" => "Improper escaping of command arguments on Windows leading to command injection" "link" => "https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf" "cve" => "CVE-2021-41116" "affectedVersions" => ">=2.0.0-alpha1,<2.1.9|<1.10.23" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-10-05 07:39:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "composer/composer/CVE-2021-41116.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-frqg-7g38-6gcf" ] ] ] [ "advisoryId" => "PKSA-9p8h-97x3-qxpm" "packageName" => "composer/composer" "remoteId" => "composer/composer/CVE-2021-29472.yaml" "title" => "Missing argument delimiter can lead to command execution via VCS repository URLs or source download URLs on systems with Mercurial" "link" => "https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx" "cve" => "CVE-2021-29472" "affectedVersions" => ">=2.0.0-alpha1,<2.0.13|<1.10.22" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-04-27 11:10:45" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "composer/composer/CVE-2021-29472.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-h5h8-pc6h-jvvx" ] ] ] [ "advisoryId" => "PKSA-qx8p-c3v3-6yfg" "packageName" => "composer/composer" "remoteId" => "composer/composer/CVE-2015-8371.yaml" "title" => "Composer Cache Injection vulnerability" "link" => "http://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html" "cve" => "CVE-2015-8371" "affectedVersions" => "<=1.0.0-alpha11" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2016-02-10 14:51:23" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "composer/composer/CVE-2015-8371.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-725m-w832-q973" ] ] ] ] "guzzlehttp/promises" => [] "paynl/php-sdk" => [] "psr/container" => [] "psr/http-client" => [] "psr/http-factory" => [] "psr/http-message" => [] "ralouphie/getallheaders" => [] "symfony/deprecation-contracts" => [] "async-aws/core" => [] "brick/math" => [] "cocur/slugify" => [] "composer/ca-bundle" => [] "composer/class-map-generator" => [] "composer/metadata-minifier" => [] "composer/pcre" => [] "composer/semver" => [] "composer/spdx-licenses" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "composer/xdebug-handler" "defuse/php-encryption" "doctrine/dbal" "doctrine/deprecations" "doctrine/event-manager" "doctrine/inflector" "doctrine/instantiator" "doctrine/lexer" "doctrine/persistence" "doctrine/sql-formatter" "dompdf/dompdf" "dompdf/php-font-lib" "dompdf/php-svg-lib" "dragonmantank/cron-expression" "egulias/email-validator" "ezimuel/guzzlestreams" "ezimuel/ringphp" "ezyang/htmlpurifier" "fakerphp/faker" "friendsofphp/proxy-manager-lts" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 802 "total_time" => 0.041278 "pretransfer_time" => 0.000143 "size_download" => 2688.0 "speed_download" => 65119.0 "starttransfer_time" => 0.041093 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 143 "starttransfer_time_us" => 41093 "posttransfer_time_us" => 142 "total_time_us" => 41278 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.1198 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=composer/xdebug-handler&packages[1]=defuse/php-encryption&packages[2]=doctrine/dbal&packages[3]=doctrine/deprecations&packages[4]=doctrine/event-manager&packages[5]=doctrine/inflector&packages[6]=doctrine/instantiator&packages[7]=doctrine/lexer&packages[8]=doctrine/persistence&packages[9]=doctrine/sql-formatter&packages[10]=dompdf/dompdf&packages[11]=dompdf/php-font-lib&packages[12]=dompdf/php-svg-lib&packages[13]=dragonmantank/cron-expression&packages[14]=egulias/email-validator&packages[15]=ezimuel/guzzlestreams&packages[16]=ezimuel/ringphp&packages[17]=ezyang/htmlpurifier&packages[18]=fakerphp/faker&packages[19]=friendsofphp/proxy-manager-lts" "pause_handler" => Closure(float $duration) {#1519 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1244 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775798 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [3] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=composer/xdebug-handler&packages[1]=defuse/php-encryption&packages[2]=doctrine/dbal&packages[3]=doctrine/deprecations&packages[4]=doctrine/event-manager&packages[5]=doctrine/inflector&packages[6]=doctrine/instantiator&packages[7]=doctrine/lexer&packages[8]=doctrine/persistence&packages[9]=doctrine/sql-formatter&packages[10]=dompdf/dompdf&packages[11]=dompdf/php-font-lib&packages[12]=dompdf/php-svg-lib&packages[13]=dragonmantank/cron-expression&packages[14]=egulias/email-validator&packages[15]=ezimuel/guzzlestreams&packages[16]=ezimuel/ringphp&packages[17]=ezyang/htmlpurifier&packages[18]=fakerphp/faker&packages[19]=friendsofphp/proxy-manager-lts\n * [HTTP/2] [3] [:method: GET]\n * [HTTP/2] [3] [:scheme: https]\n * [HTTP/2] [3] [:authority: packagist.org]\n * [HTTP/2] [3] [:path: /api/security-advisories/?packages[0]=composer/xdebug-handler&packages[1]=defuse/php-encryption&packages[2]=doctrine/dbal&packages[3]=doctrine/deprecations&packages[4]=doctrine/event-manager&packages[5]=doctrine/inflector&packages[6]=doctrine/instantiator&packages[7]=doctrine/lexer&packages[8]=doctrine/persistence&packages[9]=doctrine/sql-formatter&packages[10]=dompdf/dompdf&packages[11]=dompdf/php-font-lib&packages[12]=dompdf/php-svg-lib&packages[13]=dragonmantank/cron-expression&packages[14]=egulias/email-validator&packages[15]=ezimuel/guzzlestreams&packages[16]=ezimuel/ringphp&packages[17]=ezyang/htmlpurifier&packages[18]=fakerphp/faker&packages[19]=friendsofphp/proxy-manager-lts]\n * [HTTP/2] [3] [accept: */*]\n * [HTTP/2] [3] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [3] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=composer/xdebug-handler&packages[1]=defuse/php-encryption&packages[2]=doctrine/dbal&packages[3]=doctrine/deprecations&packages[4]=doctrine/event-manager&packages[5]=doctrine/inflector&packages[6]=doctrine/instantiator&packages[7]=doctrine/lexer&packages[8]=doctrine/persistence&packages[9]=doctrine/sql-formatter&packages[10]=dompdf/dompdf&packages[11]=dompdf/php-font-lib&packages[12]=dompdf/php-svg-lib&packages[13]=dragonmantank/cron-expression&packages[14]=egulias/email-validator&packages[15]=ezimuel/guzzlestreams&packages[16]=ezimuel/ringphp&packages[17]=ezyang/htmlpurifier&packages[18]=fakerphp/faker&packages[19]=friendsofphp/proxy-manager-lts HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1053\r\n < cdn-requestid: c013e74af2de1fa196ae96b77615011a\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=composer/xdebug-handler&packages[1]=defuse/php-encryption&packages[2]=doctrine/dbal&packages[3]=doctrine/deprecations&packages[4]=doctrine/event-manager&packages[5]=doctrine/inflector&packages[6]=doctrine/instantiator&packages[7]=doctrine/lexer&packages[8]=doctrine/persistence&packages[9]=doctrine/sql-formatter&packages[10]=dompdf/dompdf&packages[11]=dompdf/php-font-lib&packages[12]=dompdf/php-svg-lib&packages[13]=dragonmantank/cron-expression&packages[14]=egulias/email-validator&packages[15]=ezimuel/guzzlestreams&packages[16]=ezimuel/ringphp&packages[17]=ezyang/htmlpurifier&packages[18]=fakerphp/faker&packages[19]=friendsofphp/proxy-manager-lts" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1053" "cdn-requestid: c013e74af2de1fa196ae96b77615011a" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "doctrine/dbal" => [ [ "advisoryId" => "PKSA-zr2w-r29k-4d9q" "packageName" => "doctrine/dbal" "remoteId" => "doctrine/dbal/CVE-2021-43608.yaml" "title" => "SQL Injection in Limit Clause Generation API" "link" => "https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622" "cve" => "CVE-2021-43608" "affectedVersions" => ">=3.0.0,<3.0.99|>=3.1.0,<3.1.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-11-11 13:30:00" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "doctrine/dbal/CVE-2021-43608.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-r7cj-8hjg-x622" ] ] ] [ "advisoryId" => "PKSA-1hnn-m3vz-cr6v" "packageName" => "doctrine/dbal" "remoteId" => "doctrine/dbal/2011-09-25.yaml" "title" => "SQL injection possibility" "link" => "https://www.doctrine-project.org/blog/dbal-security-2011-1.html" "cve" => null "affectedVersions" => ">=2.0.0,<2.0.8|>=2.1.0,<2.1.2" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2011-09-25 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "doctrine/dbal/2011-09-25.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-76w8-mqx4-wjrf" ] ] ] ] "dompdf/dompdf" => [ [ "advisoryId" => "PKSA-qstp-ffwg-8hp6" "packageName" => "dompdf/dompdf" "remoteId" => "GHSA-3vjh-xrhf-v9xh" "title" => "Improper Restriction of XML External Entity Reference in dompdf/dompdf" "link" => "https://github.com/advisories/GHSA-3vjh-xrhf-v9xh" "cve" => "CVE-2021-3902" "affectedVersions" => "<2.0.0" "source" => "GitHub" "reportedAt" => "2024-11-15 12:31:44" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-3vjh-xrhf-v9xh" ] ] ] [ "advisoryId" => "PKSA-5vz3-q51h-7mg4" "packageName" => "dompdf/dompdf" "remoteId" => "GHSA-577p-7j7h-2jgf" "title" => "Deserialization of Untrusted Data in dompdf/dompdf" "link" => "https://github.com/advisories/GHSA-577p-7j7h-2jgf" "cve" => "CVE-2021-3838" "affectedVersions" => "<2.0.0" "source" => "GitHub" "reportedAt" => "2024-11-15 12:31:44" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-577p-7j7h-2jgf" ] ] ] [ "advisoryId" => "PKSA-7ztm-rpt3-qqzk" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2023-50262.yaml" "title" => "Denial of service caused by infinite recursion when parsing SVG images" "link" => "https://nvd.nist.gov/vuln/detail/CVE-2023-50262" "cve" => "CVE-2023-50262" "affectedVersions" => "<2.0.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2023-12-12 09:17:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2023-50262.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-3qx2-6f78-w2j2" ] ] ] [ "advisoryId" => "PKSA-2kw5-jd8w-5mvh" "packageName" => "dompdf/dompdf" "remoteId" => "GHSA-56gj-mvh6-rp75" "title" => "URI validation failure on SVG parsing. Bypass of CVE-2023-23924" "link" => "https://github.com/advisories/GHSA-56gj-mvh6-rp75" "cve" => "CVE-2023-24813" "affectedVersions" => "=2.0.2" "source" => "GitHub" "reportedAt" => "2023-02-07 18:16:23" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-56gj-mvh6-rp75" ] ] ] [ "advisoryId" => "PKSA-4jrs-y99s-q8j6" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2023-23924.yaml" "title" => "Dompdf vulnerable to URI validation failure on SVG parsing" "link" => "https://github.com/advisories/GHSA-3cw5-7cxw-v5qg" "cve" => "CVE-2023-23924" "affectedVersions" => "<2.0.2" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2023-01-31 14:30:00" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2023-23924.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-3cw5-7cxw-v5qg" ] ] ] [ "advisoryId" => "PKSA-hbk6-2vfz-8f8n" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2022-41343.yaml" "title" => "Remote file inclusion" "link" => "https://github.com/advisories/GHSA-6x28-7h8c-chx4" "cve" => "CVE-2022-41343" "affectedVersions" => "<2.0.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-09-22 13:54:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2022-41343.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-6x28-7h8c-chx4" ] ] ] [ "advisoryId" => "PKSA-kj9c-tr41-t8mj" "packageName" => "dompdf/dompdf" "remoteId" => "GHSA-5qj8-6xxj-hp9h" "title" => "Dompdf before v2.0.0 vulnerable to chroot check bypass" "link" => "https://github.com/advisories/GHSA-5qj8-6xxj-hp9h" "cve" => "CVE-2022-2400" "affectedVersions" => "<2.0.0" "source" => "GitHub" "reportedAt" => "2022-07-19 00:00:26" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-5qj8-6xxj-hp9h" ] ] ] [ "advisoryId" => "PKSA-872h-8556-2chm" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2022-0085.yaml" "title" => "Server-Side Request Forgery in dompdf/dompdf" "link" => "https://github.com/advisories/GHSA-pf6p-25r2-fx45" "cve" => "CVE-2022-0085" "affectedVersions" => "<2.0.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-06-23 13:55:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2022-0085.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-pf6p-25r2-fx45" ] ] ] [ "advisoryId" => "PKSA-99tj-gg5v-4g74" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2022-28368.yaml" "title" => "Remote code injection via remote fonts" "link" => "https://github.com/advisories/GHSA-x752-qjv4-c4hc" "cve" => "CVE-2022-28368" "affectedVersions" => "<1.2.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-03-24 13:59:00" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2022-28368.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-x752-qjv4-c4hc" ] ] ] [ "advisoryId" => "PKSA-5s2b-r7bs-gpkz" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2014-5012.yaml" "title" => "Denial Of Service Vector" "link" => "https://github.com/dompdf/dompdf/releases/tag/v0.6.2" "cve" => "CVE-2014-5012" "affectedVersions" => ">=0.6,<0.6.2" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2015-12-07 00:07:13" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2014-5012.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-q83c-64c9-c42m" ] ] ] [ "advisoryId" => "PKSA-cy5h-xj19-9vd7" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2014-5013.yaml" "title" => "Remote Code Execution (complement of CVE-2014-2383)" "link" => "https://github.com/dompdf/dompdf/releases/tag/v0.6.2" "cve" => "CVE-2014-5013" "affectedVersions" => ">=0.6,<0.6.2" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2015-12-07 00:07:13" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2014-5013.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-jjwj-w3gc-gcw4" ] ] ] [ "advisoryId" => "PKSA-jkcx-z3k3-bbrv" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2014-5011.yaml" "title" => "Information Disclosure" "link" => "https://github.com/dompdf/dompdf/releases/tag/v0.6.2" "cve" => "CVE-2014-5011" "affectedVersions" => ">=0.6,<0.6.2" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2015-12-07 00:07:13" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2014-5011.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-jwf8-mjj8-r8hq" ] ] ] [ "advisoryId" => "PKSA-pw9z-cywx-mmj2" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2010-4879.yaml" "title" => "PHP remote file inclusion vulnerability in dompdf.php" "link" => "https://github.com/dompdf/dompdf/releases/tag/v0.6.2" "cve" => "CVE-2010-4879" "affectedVersions" => ">=0.6,<0.6.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2014-03-10 21:57:58" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2010-4879.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-48r9-4v93-x4wh" ] ] ] [ "advisoryId" => "PKSA-s5g4-3y43-c9p2" "packageName" => "dompdf/dompdf" "remoteId" => "dompdf/dompdf/CVE-2014-2383.yaml" "title" => "Arbitrary file read in dompdf" "link" => "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/" "cve" => "CVE-2014-2383" "affectedVersions" => ">=0.6.0,<0.6.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2014-03-10 21:57:58" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "dompdf/dompdf/CVE-2014-2383.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-qr6q-w4gj-3865" ] ] ] ] "ezyang/htmlpurifier" => [ [ "advisoryId" => "PKSA-bscq-3hjz-7cqm" "packageName" => "ezyang/htmlpurifier" "remoteId" => "GHSA-jw86-5cjf-mv79" "title" => "HTML Purifier allows remote attackers to obtain sensitive information" "link" => "https://github.com/advisories/GHSA-jw86-5cjf-mv79" "cve" => "CVE-2011-3744" "affectedVersions" => "<=4.2.0" "source" => "GitHub" "reportedAt" => "2022-05-17 05:31:55" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-jw86-5cjf-mv79" ] ] ] [ "advisoryId" => "PKSA-393x-4q3x-x5sn" "packageName" => "ezyang/htmlpurifier" "remoteId" => "GHSA-6fh7-fwqj-mv49" "title" => "HTML Purifier Cross-site Scripting vulnerability" "link" => "https://github.com/advisories/GHSA-6fh7-fwqj-mv49" "cve" => "CVE-2007-3498" "affectedVersions" => "<2.0.1" "source" => "GitHub" "reportedAt" => "2022-05-01 18:14:25" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6fh7-fwqj-mv49" ] ] ] [ "advisoryId" => "PKSA-mxmm-yhr7-jf8c" "packageName" => "ezyang/htmlpurifier" "remoteId" => "ezyang/htmlpurifier/CVE-2010-2479.yaml" "title" => "XSS vulnerability exploitable on Internet Explorer" "link" => "http://htmlpurifier.org/news/2010/0531-4.1.1-released" "cve" => "CVE-2010-2479" "affectedVersions" => "<4.1.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2010-06-01 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "ezyang/htmlpurifier/CVE-2010-2479.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-6rm6-mjmh-86jq" ] ] ] [ "advisoryId" => "PKSA-dcn7-gtzn-nbj6" "packageName" => "ezyang/htmlpurifier" "remoteId" => "ezyang/htmlpurifier/CVE-2010-4183.yaml" "title" => "Multiple XSS vulnerabilities exploitable on Internet Explorer" "link" => "http://htmlpurifier.org/security/2010/css-quoting" "cve" => "CVE-2010-4183" "affectedVersions" => "<4.1.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2010-04-26 16:06:06" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "ezyang/htmlpurifier/CVE-2010-4183.yaml" ] [ "name" => "GitHub" "remoteId" => "GHSA-3p68-m5qw-9g9w" ] ] ] ] "composer/xdebug-handler" => [] "defuse/php-encryption" => [] "doctrine/deprecations" => [] "doctrine/event-manager" => [] "doctrine/inflector" => [] "doctrine/instantiator" => [] "doctrine/lexer" => [] "doctrine/persistence" => [] "doctrine/sql-formatter" => [] "dompdf/php-font-lib" => [] "dompdf/php-svg-lib" => [] "dragonmantank/cron-expression" => [] "egulias/email-validator" => [] "ezimuel/guzzlestreams" => [] "ezimuel/ringphp" => [] "fakerphp/faker" => [] "friendsofphp/proxy-manager-lts" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "goetas-webservices/xsd2php-runtime" "horstoeko/mimedb" "horstoeko/stringmanagement" "horstoeko/zugferd" "jms/metadata" "jms/serializer" "justinrainbow/json-schema" "laminas/laminas-code" "lcobucci/clock" "lcobucci/jwt" "league/event" "league/flysystem" "league/flysystem-local" "league/flysystem-memory" "league/mime-type-detection" "league/oauth2-server" "league/uri" "league/uri-interfaces" "marc-mabe/php-enum" "masterminds/html5" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1443 "request_size" => 781 "total_time" => 0.035772 "pretransfer_time" => 0.000146 "size_download" => 985.0 "speed_download" => 27535.0 "starttransfer_time" => 0.035355 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 146 "starttransfer_time_us" => 35355 "posttransfer_time_us" => 146 "total_time_us" => 35772 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.162 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=goetas-webservices/xsd2php-runtime&packages[1]=horstoeko/mimedb&packages[2]=horstoeko/stringmanagement&packages[3]=horstoeko/zugferd&packages[4]=jms/metadata&packages[5]=jms/serializer&packages[6]=justinrainbow/json-schema&packages[7]=laminas/laminas-code&packages[8]=lcobucci/clock&packages[9]=lcobucci/jwt&packages[10]=league/event&packages[11]=league/flysystem&packages[12]=league/flysystem-local&packages[13]=league/flysystem-memory&packages[14]=league/mime-type-detection&packages[15]=league/oauth2-server&packages[16]=league/uri&packages[17]=league/uri-interfaces&packages[18]=marc-mabe/php-enum&packages[19]=masterminds/html5" "pause_handler" => Closure(float $duration) {#1516 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1520 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775795 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [5] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=goetas-webservices/xsd2php-runtime&packages[1]=horstoeko/mimedb&packages[2]=horstoeko/stringmanagement&packages[3]=horstoeko/zugferd&packages[4]=jms/metadata&packages[5]=jms/serializer&packages[6]=justinrainbow/json-schema&packages[7]=laminas/laminas-code&packages[8]=lcobucci/clock&packages[9]=lcobucci/jwt&packages[10]=league/event&packages[11]=league/flysystem&packages[12]=league/flysystem-local&packages[13]=league/flysystem-memory&packages[14]=league/mime-type-detection&packages[15]=league/oauth2-server&packages[16]=league/uri&packages[17]=league/uri-interfaces&packages[18]=marc-mabe/php-enum&packages[19]=masterminds/html5\n * [HTTP/2] [5] [:method: GET]\n * [HTTP/2] [5] [:scheme: https]\n * [HTTP/2] [5] [:authority: packagist.org]\n * [HTTP/2] [5] [:path: /api/security-advisories/?packages[0]=goetas-webservices/xsd2php-runtime&packages[1]=horstoeko/mimedb&packages[2]=horstoeko/stringmanagement&packages[3]=horstoeko/zugferd&packages[4]=jms/metadata&packages[5]=jms/serializer&packages[6]=justinrainbow/json-schema&packages[7]=laminas/laminas-code&packages[8]=lcobucci/clock&packages[9]=lcobucci/jwt&packages[10]=league/event&packages[11]=league/flysystem&packages[12]=league/flysystem-local&packages[13]=league/flysystem-memory&packages[14]=league/mime-type-detection&packages[15]=league/oauth2-server&packages[16]=league/uri&packages[17]=league/uri-interfaces&packages[18]=marc-mabe/php-enum&packages[19]=masterminds/html5]\n * [HTTP/2] [5] [accept: */*]\n * [HTTP/2] [5] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [5] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=goetas-webservices/xsd2php-runtime&packages[1]=horstoeko/mimedb&packages[2]=horstoeko/stringmanagement&packages[3]=horstoeko/zugferd&packages[4]=jms/metadata&packages[5]=jms/serializer&packages[6]=justinrainbow/json-schema&packages[7]=laminas/laminas-code&packages[8]=lcobucci/clock&packages[9]=lcobucci/jwt&packages[10]=league/event&packages[11]=league/flysystem&packages[12]=league/flysystem-local&packages[13]=league/flysystem-memory&packages[14]=league/mime-type-detection&packages[15]=league/oauth2-server&packages[16]=league/uri&packages[17]=league/uri-interfaces&packages[18]=marc-mabe/php-enum&packages[19]=masterminds/html5 HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 752\r\n < cdn-requestid: 5561b2468d4773b98a24b619e32a9b19\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=goetas-webservices/xsd2php-runtime&packages[1]=horstoeko/mimedb&packages[2]=horstoeko/stringmanagement&packages[3]=horstoeko/zugferd&packages[4]=jms/metadata&packages[5]=jms/serializer&packages[6]=justinrainbow/json-schema&packages[7]=laminas/laminas-code&packages[8]=lcobucci/clock&packages[9]=lcobucci/jwt&packages[10]=league/event&packages[11]=league/flysystem&packages[12]=league/flysystem-local&packages[13]=league/flysystem-memory&packages[14]=league/mime-type-detection&packages[15]=league/oauth2-server&packages[16]=league/uri&packages[17]=league/uri-interfaces&packages[18]=marc-mabe/php-enum&packages[19]=masterminds/html5" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 752" "cdn-requestid: 5561b2468d4773b98a24b619e32a9b19" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "lcobucci/jwt" => [ [ "advisoryId" => "PKSA-876w-myjj-h9h4" "packageName" => "lcobucci/jwt" "remoteId" => "lcobucci/jwt/CVE-2021-41106.yaml" "title" => "CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms" "link" => "https://github.com/lcobucci/jwt/security/advisories/GHSA-7322-jrq4-x5hf" "cve" => "CVE-2021-41106" "affectedVersions" => ">=3.4.0,<3.4.6|>=4.0.0,<4.0.4|>=4.1.0,<4.1.5" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-09-28 19:36:49" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7322-jrq4-x5hf" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "lcobucci/jwt/CVE-2021-41106.yaml" ] ] ] ] "league/flysystem" => [ [ "advisoryId" => "PKSA-pwh8-d4fr-nywn" "packageName" => "league/flysystem" "remoteId" => "league/flysystem/CVE-2021-32708.yaml" "title" => "TOCTOU Race Condition enabling remote code execution" "link" => "https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm" "cve" => "CVE-2021-32708" "affectedVersions" => "<1.1.4|>=2.0.0,<2.1.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-06-23 23:56:59" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-9f46-5r25-5wfm" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "league/flysystem/CVE-2021-32708.yaml" ] ] ] ] "league/oauth2-server" => [ [ "advisoryId" => "PKSA-pc52-dbxt-c1w6" "packageName" => "league/oauth2-server" "remoteId" => "GHSA-wj7q-gjg8-3cpm" "title" => "league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase" "link" => "https://github.com/advisories/GHSA-wj7q-gjg8-3cpm" "cve" => "CVE-2023-37260" "affectedVersions" => ">=8.5.0,<8.5.3|>=8.3.2,<8.4.2" "source" => "GitHub" "reportedAt" => "2023-07-06 21:07:27" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-wj7q-gjg8-3cpm" ] ] ] ] "goetas-webservices/xsd2php-runtime" => [] "horstoeko/mimedb" => [] "horstoeko/stringmanagement" => [] "horstoeko/zugferd" => [] "jms/metadata" => [] "jms/serializer" => [] "justinrainbow/json-schema" => [] "laminas/laminas-code" => [] "lcobucci/clock" => [] "league/event" => [] "league/flysystem-local" => [] "league/flysystem-memory" => [] "league/mime-type-detection" => [] "league/uri" => [] "league/uri-interfaces" => [] "marc-mabe/php-enum" => [] "masterminds/html5" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "mbezhanov/faker-provider-collection" "meyfa/php-svg" "monolog/monolog" "myclabs/deep-copy" "nikic/php-parser" "nyholm/psr7" "opensearch-project/opensearch-php" "padaliyajay/php-autoprefixer" "paragonie/constant_time_encoding" "pentatrion/vite-bundle" "phar-io/manifest" "phar-io/version" "phpseclib/phpseclib" "phpstan/phpdoc-parser" "phpunit/php-code-coverage" "phpunit/php-file-iterator" "phpunit/php-invoker" "phpunit/php-text-template" "phpunit/php-timer" "phpunit/phpunit" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 825 "total_time" => 0.043803 "pretransfer_time" => 0.00012 "size_download" => 2601.0 "speed_download" => 59379.0 "starttransfer_time" => 0.043593 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 120 "starttransfer_time_us" => 43593 "posttransfer_time_us" => 120 "total_time_us" => 43803 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.1982 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=mbezhanov/faker-provider-collection&packages[1]=meyfa/php-svg&packages[2]=monolog/monolog&packages[3]=myclabs/deep-copy&packages[4]=nikic/php-parser&packages[5]=nyholm/psr7&packages[6]=opensearch-project/opensearch-php&packages[7]=padaliyajay/php-autoprefixer&packages[8]=paragonie/constant_time_encoding&packages[9]=pentatrion/vite-bundle&packages[10]=phar-io/manifest&packages[11]=phar-io/version&packages[12]=phpseclib/phpseclib&packages[13]=phpstan/phpdoc-parser&packages[14]=phpunit/php-code-coverage&packages[15]=phpunit/php-file-iterator&packages[16]=phpunit/php-invoker&packages[17]=phpunit/php-text-template&packages[18]=phpunit/php-timer&packages[19]=phpunit/phpunit" "pause_handler" => Closure(float $duration) {#1527 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1235 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775792 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [7] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=mbezhanov/faker-provider-collection&packages[1]=meyfa/php-svg&packages[2]=monolog/monolog&packages[3]=myclabs/deep-copy&packages[4]=nikic/php-parser&packages[5]=nyholm/psr7&packages[6]=opensearch-project/opensearch-php&packages[7]=padaliyajay/php-autoprefixer&packages[8]=paragonie/constant_time_encoding&packages[9]=pentatrion/vite-bundle&packages[10]=phar-io/manifest&packages[11]=phar-io/version&packages[12]=phpseclib/phpseclib&packages[13]=phpstan/phpdoc-parser&packages[14]=phpunit/php-code-coverage&packages[15]=phpunit/php-file-iterator&packages[16]=phpunit/php-invoker&packages[17]=phpunit/php-text-template&packages[18]=phpunit/php-timer&packages[19]=phpunit/phpunit\n * [HTTP/2] [7] [:method: GET]\n * [HTTP/2] [7] [:scheme: https]\n * [HTTP/2] [7] [:authority: packagist.org]\n * [HTTP/2] [7] [:path: /api/security-advisories/?packages[0]=mbezhanov/faker-provider-collection&packages[1]=meyfa/php-svg&packages[2]=monolog/monolog&packages[3]=myclabs/deep-copy&packages[4]=nikic/php-parser&packages[5]=nyholm/psr7&packages[6]=opensearch-project/opensearch-php&packages[7]=padaliyajay/php-autoprefixer&packages[8]=paragonie/constant_time_encoding&packages[9]=pentatrion/vite-bundle&packages[10]=phar-io/manifest&packages[11]=phar-io/version&packages[12]=phpseclib/phpseclib&packages[13]=phpstan/phpdoc-parser&packages[14]=phpunit/php-code-coverage&packages[15]=phpunit/php-file-iterator&packages[16]=phpunit/php-invoker&packages[17]=phpunit/php-text-template&packages[18]=phpunit/php-timer&packages[19]=phpunit/phpunit]\n * [HTTP/2] [7] [accept: */*]\n * [HTTP/2] [7] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [7] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=mbezhanov/faker-provider-collection&packages[1]=meyfa/php-svg&packages[2]=monolog/monolog&packages[3]=myclabs/deep-copy&packages[4]=nikic/php-parser&packages[5]=nyholm/psr7&packages[6]=opensearch-project/opensearch-php&packages[7]=padaliyajay/php-autoprefixer&packages[8]=paragonie/constant_time_encoding&packages[9]=pentatrion/vite-bundle&packages[10]=phar-io/manifest&packages[11]=phar-io/version&packages[12]=phpseclib/phpseclib&packages[13]=phpstan/phpdoc-parser&packages[14]=phpunit/php-code-coverage&packages[15]=phpunit/php-file-iterator&packages[16]=phpunit/php-invoker&packages[17]=phpunit/php-text-template&packages[18]=phpunit/php-timer&packages[19]=phpunit/phpunit HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1047\r\n < cdn-requestid: 0df81f4c2e1f0255840b69408dadae32\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=mbezhanov/faker-provider-collection&packages[1]=meyfa/php-svg&packages[2]=monolog/monolog&packages[3]=myclabs/deep-copy&packages[4]=nikic/php-parser&packages[5]=nyholm/psr7&packages[6]=opensearch-project/opensearch-php&packages[7]=padaliyajay/php-autoprefixer&packages[8]=paragonie/constant_time_encoding&packages[9]=pentatrion/vite-bundle&packages[10]=phar-io/manifest&packages[11]=phar-io/version&packages[12]=phpseclib/phpseclib&packages[13]=phpstan/phpdoc-parser&packages[14]=phpunit/php-code-coverage&packages[15]=phpunit/php-file-iterator&packages[16]=phpunit/php-invoker&packages[17]=phpunit/php-text-template&packages[18]=phpunit/php-timer&packages[19]=phpunit/phpunit" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1047" "cdn-requestid: 0df81f4c2e1f0255840b69408dadae32" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "monolog/monolog" => [ [ "advisoryId" => "PKSA-dmw8-jd8k-q3c6" "packageName" => "monolog/monolog" "remoteId" => "monolog/monolog/2014-12-29-1.yaml" "title" => "Header injection in NativeMailerHandler" "link" => "https://github.com/Seldaek/monolog/pull/448#issuecomment-68208704" "cve" => null "affectedVersions" => ">=1.8.0,<1.12.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2014-12-29 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-f57v-q966-7fh6" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "monolog/monolog/2014-12-29-1.yaml" ] ] ] ] "nyholm/psr7" => [ [ "advisoryId" => "PKSA-8ds9-sp96-ghmb" "packageName" => "nyholm/psr7" "remoteId" => "nyholm/psr7/2023-04-17.yaml" "title" => "Improper Input Validation in headers" "link" => "https://github.com/advisories/GHSA-wjfc-pgfp-pv9c" "cve" => null "affectedVersions" => "<1.6.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2023-04-17 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-wjfc-pgfp-pv9c" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "nyholm/psr7/2023-04-17.yaml" ] ] ] ] "phpseclib/phpseclib" => [ [ "advisoryId" => "PKSA-432p-hv1d-chf7" "packageName" => "phpseclib/phpseclib" "remoteId" => "GHSA-m557-wrgg-6rp4" "title" => "phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access" "link" => "https://github.com/advisories/GHSA-m557-wrgg-6rp4" "cve" => null "affectedVersions" => ">=3.0.0,<=3.0.53|>=2.0.0,<=2.0.54|>=0.1.1,<=1.0.29" "source" => "GitHub" "reportedAt" => "2026-06-16 15:03:58" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-m557-wrgg-6rp4" ] ] ] [ "advisoryId" => "PKSA-smrh-yx37-92ws" "packageName" => "phpseclib/phpseclib" "remoteId" => "GHSA-3qpq-r242-jqj7" "title" => "phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()" "link" => "https://github.com/advisories/GHSA-3qpq-r242-jqj7" "cve" => "CVE-2026-44167" "affectedVersions" => ">=0.1.1,<=1.0.28|>=3.0.0,<=3.0.51|>=2.0.0,<=2.0.53" "source" => "GitHub" "reportedAt" => "2026-05-05 21:17:57" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-3qpq-r242-jqj7" ] ] ] [ "advisoryId" => "PKSA-zh4j-by9m-7mz8" "packageName" => "phpseclib/phpseclib" "remoteId" => "GHSA-r854-jrxh-36qx" "title" => "phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()" "link" => "https://github.com/advisories/GHSA-r854-jrxh-36qx" "cve" => "CVE-2026-40194" "affectedVersions" => ">=0.1.1,<1.0.28|>=3.0.0,<3.0.51|>=2.0.0,<2.0.53" "source" => "GitHub" "reportedAt" => "2026-04-10 20:58:10" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-r854-jrxh-36qx" ] ] ] [ "advisoryId" => "PKSA-km2b-zc3b-mjm3" "packageName" => "phpseclib/phpseclib" "remoteId" => "GHSA-94g3-g5v7-q4jg" "title" => "phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack" "link" => "https://github.com/advisories/GHSA-94g3-g5v7-q4jg" "cve" => "CVE-2026-32935" "affectedVersions" => ">=0.1.1,<=1.0.26|>=2.0.0,<=2.0.51|>=3.0.0,<=3.0.49" "source" => "GitHub" "reportedAt" => "2026-03-19 16:42:18" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-94g3-g5v7-q4jg" ] ] ] [ "advisoryId" => "PKSA-4p7m-np8m-fq35" "packageName" => "phpseclib/phpseclib" "remoteId" => "GHSA-ff7q-6vwh-v9m4" "title" => "Name confusion in x509 Subject Alternative Name fields" "link" => "https://github.com/advisories/GHSA-ff7q-6vwh-v9m4" "cve" => "CVE-2023-52892" "affectedVersions" => ">=3.0.0,<3.0.33|>=2.0.0,<2.0.46|<1.0.22" "source" => "GitHub" "reportedAt" => "2024-06-28 00:33:31" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-ff7q-6vwh-v9m4" ] ] ] [ "advisoryId" => "PKSA-t5xz-td8w-f35v" "packageName" => "phpseclib/phpseclib" "remoteId" => "phpseclib/phpseclib/CVE-2024-27354.yaml" "title" => "phpseclib a large prime can cause a denial of service" "link" => "https://github.com/advisories/GHSA-hg35-mp25-qf6h" "cve" => "CVE-2024-27354" "affectedVersions" => ">=3.0.0,<3.0.36|>=2.0.0,<2.0.47|>=1.0.0,<1.0.23" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-03-02 00:31:33" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-2528-jw5q-ww88" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "phpseclib/phpseclib/CVE-2024-27354.yaml" ] ] ] [ "advisoryId" => "PKSA-jsh4-f6tg-bwyq" "packageName" => "phpseclib/phpseclib" "remoteId" => "phpseclib/phpseclib/CVE-2024-27355.yaml" "title" => "phpseclib does not properly limit the ASN1 OID length" "link" => "https://github.com/advisories/GHSA-jr22-8qgm-4q87" "cve" => "CVE-2024-27355" "affectedVersions" => ">=3.0.0,<3.0.36|>=2.0.0,<2.0.47|>=1.0.0,<1.0.23" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-03-02 00:31:33" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-f2qx-66wf-wvvx" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "phpseclib/phpseclib/CVE-2024-27355.yaml" ] ] ] [ "advisoryId" => "PKSA-vpz8-6fv7-t3fd" "packageName" => "phpseclib/phpseclib" "remoteId" => "phpseclib/phpseclib/CVE-2023-49316.yaml" "title" => "phpseclib vulnerable to denial of service" "link" => "https://github.com/advisories/GHSA-jpr7-q523-hx25" "cve" => "CVE-2023-49316" "affectedVersions" => ">=3.0.0,<3.0.34" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2023-11-27 18:31:14" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-2f25-pfq3-c7h8" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "phpseclib/phpseclib/CVE-2023-49316.yaml" ] ] ] [ "advisoryId" => "PKSA-qrgb-4pgm-cz41" "packageName" => "phpseclib/phpseclib" "remoteId" => "phpseclib/phpseclib/CVE-2023-27560.yaml" "title" => "Infinite Loop vulnerability" "link" => "https://github.com/advisories/GHSA-hm7p-r324-hhf3" "cve" => "CVE-2023-27560" "affectedVersions" => ">=3.0.0,<3.0.19" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2023-03-06 09:20:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-hm7p-r324-hhf3" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "phpseclib/phpseclib/CVE-2023-27560.yaml" ] ] ] [ "advisoryId" => "PKSA-mnsd-qtjt-pgcq" "packageName" => "phpseclib/phpseclib" "remoteId" => "phpseclib/phpseclib/CVE-2021-30130.yaml" "title" => "Improper Certificate Validation in phpseclib" "link" => "https://github.com/phpseclib/phpseclib/pull/1635" "cve" => "CVE-2021-30130" "affectedVersions" => "<2.0.31|>=3.0.0,<3.0.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-04-06 13:43:13" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-vf4w-fg7r-5v94" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "phpseclib/phpseclib/CVE-2021-30130.yaml" ] ] ] ] "phpunit/phpunit" => [ [ "advisoryId" => "PKSA-qccq-2pht-gg3w" "packageName" => "phpunit/phpunit" "remoteId" => "GHSA-mh6w-vxff-9wqp" "title" => "PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes" "link" => "https://github.com/advisories/GHSA-mh6w-vxff-9wqp" "cve" => null "affectedVersions" => ">=13.1.5,<13.1.6|>=12.5.21,<12.5.22" "source" => "GitHub" "reportedAt" => "2026-04-22 14:56:07" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-mh6w-vxff-9wqp" ] ] ] [ "advisoryId" => "PKSA-5jz8-6tcw-pbk4" "packageName" => "phpunit/phpunit" "remoteId" => "phpunit/phpunit/CVE-2026-41570.yaml" "title" => "Argument injection via newline in PHP INI values forwarded to child processes" "link" => "https://github.com/sebastianbergmann/phpunit/security/advisories/GHSA-qrr6-mg7r-m243" "cve" => "CVE-2026-41570" "affectedVersions" => ">=12.5.21,<12.5.22|>=13.1.5,<13.1.6" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-04-17 12:52:26" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qrr6-mg7r-m243" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "phpunit/phpunit/CVE-2026-41570.yaml" ] ] ] [ "advisoryId" => "PKSA-z3gr-8qht-p93v" "packageName" => "phpunit/phpunit" "remoteId" => "phpunit/phpunit/CVE-2026-24765.yaml" "title" => "Unsafe Deserialization in PHPT Code Coverage Handling" "link" => "https://github.com/sebastianbergmann/phpunit/security/advisories/GHSA-vvj3-c3rp-c85p" "cve" => "CVE-2026-24765" "affectedVersions" => ">=0,<8.5.52|>=9.0.0,<9.6.33|>=10.0.0,<10.5.62|>=11.0.0,<11.5.50|>=12.0.0,<12.5.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-01-27 05:21:14" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-vvj3-c3rp-c85p" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "phpunit/phpunit/CVE-2026-24765.yaml" ] ] ] [ "advisoryId" => "PKSA-w57n-mhp6-c9sd" "packageName" => "phpunit/phpunit" "remoteId" => "phpunit/phpunit/CVE-2017-9841.yaml" "title" => "RCE vulnerability in phpunit" "link" => "https://nvd.nist.gov/vuln/detail/CVE-2017-9841" "cve" => "CVE-2017-9841" "affectedVersions" => ">=5.0.10,<5.6.3|>=4.8.19,<4.8.28" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2016-11-13 17:52:50" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-r7c9-c69m-rph8" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "phpunit/phpunit/CVE-2017-9841.yaml" ] ] ] ] "mbezhanov/faker-provider-collection" => [] "meyfa/php-svg" => [] "myclabs/deep-copy" => [] "nikic/php-parser" => [] "opensearch-project/opensearch-php" => [] "padaliyajay/php-autoprefixer" => [] "paragonie/constant_time_encoding" => [] "pentatrion/vite-bundle" => [] "phar-io/manifest" => [] "phar-io/version" => [] "phpstan/phpdoc-parser" => [] "phpunit/php-code-coverage" => [] "phpunit/php-file-iterator" => [] "phpunit/php-invoker" => [] "phpunit/php-text-template" => [] "phpunit/php-timer" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "psr/cache" "psr/clock" "psr/event-dispatcher" "psr/log" "ramsey/collection" "ramsey/uuid" "react/promise" "sabberworm/php-css-parser" "scssphp/scssphp" "sebastian/cli-parser" "sebastian/comparator" "sebastian/complexity" "sebastian/diff" "sebastian/environment" "sebastian/exporter" "sebastian/global-state" "sebastian/lines-of-code" "sebastian/object-enumerator" "sebastian/object-reflector" "sebastian/recursion-context" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 770 "total_time" => 0.036404 "pretransfer_time" => 0.000137 "size_download" => 666.0 "speed_download" => 18294.0 "starttransfer_time" => 0.036231 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 137 "starttransfer_time_us" => 36231 "posttransfer_time_us" => 136 "total_time_us" => 36404 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.2432 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=psr/cache&packages[1]=psr/clock&packages[2]=psr/event-dispatcher&packages[3]=psr/log&packages[4]=ramsey/collection&packages[5]=ramsey/uuid&packages[6]=react/promise&packages[7]=sabberworm/php-css-parser&packages[8]=scssphp/scssphp&packages[9]=sebastian/cli-parser&packages[10]=sebastian/comparator&packages[11]=sebastian/complexity&packages[12]=sebastian/diff&packages[13]=sebastian/environment&packages[14]=sebastian/exporter&packages[15]=sebastian/global-state&packages[16]=sebastian/lines-of-code&packages[17]=sebastian/object-enumerator&packages[18]=sebastian/object-reflector&packages[19]=sebastian/recursion-context" "pause_handler" => Closure(float $duration) {#1538 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1534 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775789 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [9] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=psr/cache&packages[1]=psr/clock&packages[2]=psr/event-dispatcher&packages[3]=psr/log&packages[4]=ramsey/collection&packages[5]=ramsey/uuid&packages[6]=react/promise&packages[7]=sabberworm/php-css-parser&packages[8]=scssphp/scssphp&packages[9]=sebastian/cli-parser&packages[10]=sebastian/comparator&packages[11]=sebastian/complexity&packages[12]=sebastian/diff&packages[13]=sebastian/environment&packages[14]=sebastian/exporter&packages[15]=sebastian/global-state&packages[16]=sebastian/lines-of-code&packages[17]=sebastian/object-enumerator&packages[18]=sebastian/object-reflector&packages[19]=sebastian/recursion-context\n * [HTTP/2] [9] [:method: GET]\n * [HTTP/2] [9] [:scheme: https]\n * [HTTP/2] [9] [:authority: packagist.org]\n * [HTTP/2] [9] [:path: /api/security-advisories/?packages[0]=psr/cache&packages[1]=psr/clock&packages[2]=psr/event-dispatcher&packages[3]=psr/log&packages[4]=ramsey/collection&packages[5]=ramsey/uuid&packages[6]=react/promise&packages[7]=sabberworm/php-css-parser&packages[8]=scssphp/scssphp&packages[9]=sebastian/cli-parser&packages[10]=sebastian/comparator&packages[11]=sebastian/complexity&packages[12]=sebastian/diff&packages[13]=sebastian/environment&packages[14]=sebastian/exporter&packages[15]=sebastian/global-state&packages[16]=sebastian/lines-of-code&packages[17]=sebastian/object-enumerator&packages[18]=sebastian/object-reflector&packages[19]=sebastian/recursion-context]\n * [HTTP/2] [9] [accept: */*]\n * [HTTP/2] [9] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [9] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=psr/cache&packages[1]=psr/clock&packages[2]=psr/event-dispatcher&packages[3]=psr/log&packages[4]=ramsey/collection&packages[5]=ramsey/uuid&packages[6]=react/promise&packages[7]=sabberworm/php-css-parser&packages[8]=scssphp/scssphp&packages[9]=sebastian/cli-parser&packages[10]=sebastian/comparator&packages[11]=sebastian/complexity&packages[12]=sebastian/diff&packages[13]=sebastian/environment&packages[14]=sebastian/exporter&packages[15]=sebastian/global-state&packages[16]=sebastian/lines-of-code&packages[17]=sebastian/object-enumerator&packages[18]=sebastian/object-reflector&packages[19]=sebastian/recursion-context HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1334\r\n < cdn-requestid: 4d5e44de5f3bbaecc130613815cb0a99\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=psr/cache&packages[1]=psr/clock&packages[2]=psr/event-dispatcher&packages[3]=psr/log&packages[4]=ramsey/collection&packages[5]=ramsey/uuid&packages[6]=react/promise&packages[7]=sabberworm/php-css-parser&packages[8]=scssphp/scssphp&packages[9]=sebastian/cli-parser&packages[10]=sebastian/comparator&packages[11]=sebastian/complexity&packages[12]=sebastian/diff&packages[13]=sebastian/environment&packages[14]=sebastian/exporter&packages[15]=sebastian/global-state&packages[16]=sebastian/lines-of-code&packages[17]=sebastian/object-enumerator&packages[18]=sebastian/object-reflector&packages[19]=sebastian/recursion-context" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1334" "cdn-requestid: 4d5e44de5f3bbaecc130613815cb0a99" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "sabberworm/php-css-parser" => [ [ "advisoryId" => "PKSA-2b5y-mhcw-mt5g" "packageName" => "sabberworm/php-css-parser" "remoteId" => "sabberworm/php-css-parser/CVE-2020-13756.yaml" "title" => "Code injection vulnerability in allSelectors()" "link" => "https://packetstormsecurity.com/files/cve/CVE-2020-13756" "cve" => "CVE-2020-13756" "affectedVersions" => ">=8.3.0,<8.3.1|>=8.2.0,<8.2.1|>=8.1.0,<8.1.1|>=8.0.0,<8.0.1|>=7.0.0,<7.0.4|>=6.0.0,<6.0.2|>=5.2.0,<5.2.1|>=5.1.0,<5.1.3|>=5.0.0,<5.0.9|>=4.0.0,<4.0.1|>=3.0.0,<3.0.1|>=2.0.0,<2.0.1|>=1.0.0,<1.0.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2020-01-01 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-phrq-v4q2-hmq6" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "sabberworm/php-css-parser/CVE-2020-13756.yaml" ] ] ] ] "psr/cache" => [] "psr/clock" => [] "psr/event-dispatcher" => [] "psr/log" => [] "ramsey/collection" => [] "ramsey/uuid" => [] "react/promise" => [] "scssphp/scssphp" => [] "sebastian/cli-parser" => [] "sebastian/comparator" => [] "sebastian/complexity" => [] "sebastian/diff" => [] "sebastian/environment" => [] "sebastian/exporter" => [] "sebastian/global-state" => [] "sebastian/lines-of-code" => [] "sebastian/object-enumerator" => [] "sebastian/object-reflector" => [] "sebastian/recursion-context" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "sebastian/type" "sebastian/version" "seld/jsonlint" "seld/phar-utils" "seld/signal-handler" "setasign/fpdf" "setasign/fpdi" "setasign/tfpdf" "shopware/administration" "shopware/conflicts" "shopware/core" "shopware/dev-tools" "shopware/elasticsearch" "shopware/production" "shopware/storefront" "shopwarelabs/images-generator" "shyim/opensearch-php-dsl" "smalot/pdfparser" "squirrelphp/twig-php-syntax" "staabm/side-effects-detector" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 780 "total_time" => 0.036023 "pretransfer_time" => 0.000112 "size_download" => 6915.0 "speed_download" => 191960.0 "starttransfer_time" => 0.035878 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 112 "starttransfer_time_us" => 35878 "posttransfer_time_us" => 111 "total_time_us" => 36023 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.2802 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=sebastian/type&packages[1]=sebastian/version&packages[2]=seld/jsonlint&packages[3]=seld/phar-utils&packages[4]=seld/signal-handler&packages[5]=setasign/fpdf&packages[6]=setasign/fpdi&packages[7]=setasign/tfpdf&packages[8]=shopware/administration&packages[9]=shopware/conflicts&packages[10]=shopware/core&packages[11]=shopware/dev-tools&packages[12]=shopware/elasticsearch&packages[13]=shopware/production&packages[14]=shopware/storefront&packages[15]=shopwarelabs/images-generator&packages[16]=shyim/opensearch-php-dsl&packages[17]=smalot/pdfparser&packages[18]=squirrelphp/twig-php-syntax&packages[19]=staabm/side-effects-detector" "pause_handler" => Closure(float $duration) {#1560 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1564 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775786 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [11] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=sebastian/type&packages[1]=sebastian/version&packages[2]=seld/jsonlint&packages[3]=seld/phar-utils&packages[4]=seld/signal-handler&packages[5]=setasign/fpdf&packages[6]=setasign/fpdi&packages[7]=setasign/tfpdf&packages[8]=shopware/administration&packages[9]=shopware/conflicts&packages[10]=shopware/core&packages[11]=shopware/dev-tools&packages[12]=shopware/elasticsearch&packages[13]=shopware/production&packages[14]=shopware/storefront&packages[15]=shopwarelabs/images-generator&packages[16]=shyim/opensearch-php-dsl&packages[17]=smalot/pdfparser&packages[18]=squirrelphp/twig-php-syntax&packages[19]=staabm/side-effects-detector\n * [HTTP/2] [11] [:method: GET]\n * [HTTP/2] [11] [:scheme: https]\n * [HTTP/2] [11] [:authority: packagist.org]\n * [HTTP/2] [11] [:path: /api/security-advisories/?packages[0]=sebastian/type&packages[1]=sebastian/version&packages[2]=seld/jsonlint&packages[3]=seld/phar-utils&packages[4]=seld/signal-handler&packages[5]=setasign/fpdf&packages[6]=setasign/fpdi&packages[7]=setasign/tfpdf&packages[8]=shopware/administration&packages[9]=shopware/conflicts&packages[10]=shopware/core&packages[11]=shopware/dev-tools&packages[12]=shopware/elasticsearch&packages[13]=shopware/production&packages[14]=shopware/storefront&packages[15]=shopwarelabs/images-generator&packages[16]=shyim/opensearch-php-dsl&packages[17]=smalot/pdfparser&packages[18]=squirrelphp/twig-php-syntax&packages[19]=staabm/side-effects-detector]\n * [HTTP/2] [11] [accept: */*]\n * [HTTP/2] [11] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [11] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=sebastian/type&packages[1]=sebastian/version&packages[2]=seld/jsonlint&packages[3]=seld/phar-utils&packages[4]=seld/signal-handler&packages[5]=setasign/fpdf&packages[6]=setasign/fpdi&packages[7]=setasign/tfpdf&packages[8]=shopware/administration&packages[9]=shopware/conflicts&packages[10]=shopware/core&packages[11]=shopware/dev-tools&packages[12]=shopware/elasticsearch&packages[13]=shopware/production&packages[14]=shopware/storefront&packages[15]=shopwarelabs/images-generator&packages[16]=shyim/opensearch-php-dsl&packages[17]=smalot/pdfparser&packages[18]=squirrelphp/twig-php-syntax&packages[19]=staabm/side-effects-detector HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1048\r\n < cdn-requestid: d765fd52ce80621a9ca84189ef72b675\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=sebastian/type&packages[1]=sebastian/version&packages[2]=seld/jsonlint&packages[3]=seld/phar-utils&packages[4]=seld/signal-handler&packages[5]=setasign/fpdf&packages[6]=setasign/fpdi&packages[7]=setasign/tfpdf&packages[8]=shopware/administration&packages[9]=shopware/conflicts&packages[10]=shopware/core&packages[11]=shopware/dev-tools&packages[12]=shopware/elasticsearch&packages[13]=shopware/production&packages[14]=shopware/storefront&packages[15]=shopwarelabs/images-generator&packages[16]=shyim/opensearch-php-dsl&packages[17]=smalot/pdfparser&packages[18]=squirrelphp/twig-php-syntax&packages[19]=staabm/side-effects-detector" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1048" "cdn-requestid: d765fd52ce80621a9ca84189ef72b675" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "setasign/fpdi" => [ [ "advisoryId" => "PKSA-37cw-b473-k9np" "packageName" => "setasign/fpdi" "remoteId" => "GHSA-2mgw-7q6p-8grg" "title" => "FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service" "link" => "https://github.com/advisories/GHSA-2mgw-7q6p-8grg" "cve" => "CVE-2026-45802" "affectedVersions" => "<2.6.7" "source" => "GitHub" "reportedAt" => "2026-05-19 19:56:17" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-2mgw-7q6p-8grg" ] ] ] [ "advisoryId" => "PKSA-p3w6-ybvq-zfbx" "packageName" => "setasign/fpdi" "remoteId" => "GHSA-jxhh-4648-vpp3" "title" => "FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service" "link" => "https://github.com/advisories/GHSA-jxhh-4648-vpp3" "cve" => "CVE-2025-54869" "affectedVersions" => "<2.6.4" "source" => "GitHub" "reportedAt" => "2025-08-05 15:23:54" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-jxhh-4648-vpp3" ] ] ] ] "shopware/core" => [ [ "advisoryId" => "PKSA-9x83-17hb-ky3t" "packageName" => "shopware/core" "remoteId" => "GHSA-gq96-5pfx-f4vc" "title" => "Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation" "link" => "https://github.com/advisories/GHSA-gq96-5pfx-f4vc" "cve" => "CVE-2026-48013" "affectedVersions" => ">=6.7.0.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:36:07" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-gq96-5pfx-f4vc" ] ] ] [ "advisoryId" => "PKSA-qf56-zbmm-29m8" "packageName" => "shopware/core" "remoteId" => "GHSA-xvhc-gm7j-mhmc" "title" => "Shopware: Stored XSS via SVG file upload — no SVG sanitization" "link" => "https://github.com/advisories/GHSA-xvhc-gm7j-mhmc" "cve" => "CVE-2026-48015" "affectedVersions" => "<6.6.10.18|>=6.7.0.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:35:26" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-xvhc-gm7j-mhmc" ] ] ] [ "advisoryId" => "PKSA-y5sy-w7mt-r97k" "packageName" => "shopware/core" "remoteId" => "GHSA-9v5m-39wh-5chq" "title" => "Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment" "link" => "https://github.com/advisories/GHSA-9v5m-39wh-5chq" "cve" => "CVE-2026-48016" "affectedVersions" => "<6.6.10.18|>=6.7.0.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:33:54" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-9v5m-39wh-5chq" ] ] ] [ "advisoryId" => "PKSA-rnpb-7fbj-phyz" "packageName" => "shopware/core" "remoteId" => "GHSA-f8q6-3g5w-jjr6" "title" => "Shopware: Admin API ACL Bypass in Order State Transition Endpoints" "link" => "https://github.com/advisories/GHSA-f8q6-3g5w-jjr6" "cve" => "CVE-2026-48014" "affectedVersions" => "<6.6.10.18|>=6.7.0.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:33:02" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-f8q6-3g5w-jjr6" ] ] ] [ "advisoryId" => "PKSA-xknd-fd7t-crfc" "packageName" => "shopware/core" "remoteId" => "GHSA-4x3x-869w-xx3m" "title" => "Shopware SSO referer trust leading to an arbitrary redirect target" "link" => "https://github.com/advisories/GHSA-4x3x-869w-xx3m" "cve" => "CVE-2026-48012" "affectedVersions" => ">=6.7.3.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:32:35" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-4x3x-869w-xx3m" ] ] ] [ "advisoryId" => "PKSA-yt77-qm1k-2vvb" "packageName" => "shopware/core" "remoteId" => "GHSA-7w52-7jvm-m9vw" "title" => "Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames" "link" => "https://github.com/advisories/GHSA-7w52-7jvm-m9vw" "cve" => "CVE-2026-48011" "affectedVersions" => "<6.6.10.18|>=6.7.0.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:31:17" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7w52-7jvm-m9vw" ] ] ] [ "advisoryId" => "PKSA-fstf-sh35-tmx7" "packageName" => "shopware/core" "remoteId" => "GHSA-v39m-97p8-gqg7" "title" => "Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts" "link" => "https://github.com/advisories/GHSA-v39m-97p8-gqg7" "cve" => "CVE-2026-48010" "affectedVersions" => "<6.6.10.18|>=6.7.0.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:28:29" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-v39m-97p8-gqg7" ] ] ] [ "advisoryId" => "PKSA-946b-qy3w-67d7" "packageName" => "shopware/core" "remoteId" => "GHSA-8v9p-g828-v98f" "title" => "Shopware: Admin Account Takeover via User Recovery Hash Exposure" "link" => "https://github.com/advisories/GHSA-8v9p-g828-v98f" "cve" => "CVE-2026-48009" "affectedVersions" => "<6.6.10.18|>=6.7.0.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:27:15" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-8v9p-g828-v98f" ] ] ] [ "advisoryId" => "PKSA-zymb-qg2c-csgb" "packageName" => "shopware/core" "remoteId" => "GHSA-gv8p-48fr-4fxg" "title" => "Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass" "link" => "https://github.com/advisories/GHSA-gv8p-48fr-4fxg" "cve" => "CVE-2026-48008" "affectedVersions" => "<6.6.10.18|>=6.7.0.0,<6.7.10.1" "source" => "GitHub" "reportedAt" => "2026-06-04 19:23:33" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-gv8p-48fr-4fxg" ] ] ] [ "advisoryId" => "PKSA-fyfg-936j-xtjc" "packageName" => "shopware/core" "remoteId" => "GHSA-c4p7-rwrg-pf6p" "title" => "Shopware vulnerable to a potential take over of app credentials" "link" => "https://github.com/advisories/GHSA-c4p7-rwrg-pf6p" "cve" => "CVE-2026-31889" "affectedVersions" => "<6.6.10.15|>=6.7.0.0,<6.7.8.1" "source" => "GitHub" "reportedAt" => "2026-03-11 19:24:06" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-c4p7-rwrg-pf6p" ] ] ] [ "advisoryId" => "PKSA-cck7-yytv-pqc6" "packageName" => "shopware/core" "remoteId" => "GHSA-gqc5-xv7m-gcjq" "title" => "Shopware has user enumeration via distinct error codes on Store API login endpoint" "link" => "https://github.com/advisories/GHSA-gqc5-xv7m-gcjq" "cve" => "CVE-2026-31888" "affectedVersions" => "<6.6.10.15|>=6.7.0.0,<6.7.8.1" "source" => "GitHub" "reportedAt" => "2026-03-11 19:23:49" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-gqc5-xv7m-gcjq" ] ] ] [ "advisoryId" => "PKSA-1d39-xhww-sgwf" "packageName" => "shopware/core" "remoteId" => "GHSA-7vvp-j573-5584" "title" => "Shopware: Unauthenticated data extraction possible through store-api.order endpoint" "link" => "https://github.com/advisories/GHSA-7vvp-j573-5584" "cve" => "CVE-2026-31887" "affectedVersions" => "<6.6.10.15|>=6.7.0.0,<6.7.8.1" "source" => "GitHub" "reportedAt" => "2026-03-11 19:23:43" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7vvp-j573-5584" ] ] ] [ "advisoryId" => "PKSA-sj7p-kg8p-gg2k" "packageName" => "shopware/core" "remoteId" => "GHSA-7cw6-7h3h-v8pf" "title" => "Shopware Has Improper Control of Generation of Code in Twig rendered views" "link" => "https://github.com/advisories/GHSA-7cw6-7h3h-v8pf" "cve" => "CVE-2026-23498" "affectedVersions" => ">=6.7.0.0,<6.7.6.1" "source" => "GitHub" "reportedAt" => "2026-01-14 16:54:27" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7cw6-7h3h-v8pf" ] ] ] [ "advisoryId" => "PKSA-w3qy-s9h7-2hqr" "packageName" => "shopware/core" "remoteId" => "GHSA-2w46-vq8h-98vh" "title" => "Shopware 6's password recovery link does not expire after email change" "link" => "https://github.com/advisories/GHSA-2w46-vq8h-98vh" "cve" => null "affectedVersions" => ">=6.7.0.0,<6.7.4.1|<6.6.10.9" "source" => "GitHub" "reportedAt" => "2025-11-14 20:42:24" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-2w46-vq8h-98vh" ] ] ] [ "advisoryId" => "PKSA-v415-g75g-bqsy" "packageName" => "shopware/core" "remoteId" => "GHSA-r2vg-hvjm-fg38" "title" => "Shopware Customer Orders can be canceled, even if refunds are disabled" "link" => "https://github.com/advisories/GHSA-r2vg-hvjm-fg38" "cve" => null "affectedVersions" => "<6.6.10.7|>=6.7.0.0,<6.7.3.1" "source" => "GitHub" "reportedAt" => "2025-10-21 18:03:27" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-r2vg-hvjm-fg38" ] ] ] [ "advisoryId" => "PKSA-kypv-cx5n-qkc8" "packageName" => "shopware/core" "remoteId" => "GHSA-27c9-vp3w-6ww8" "title" => "Shopware exposes sensitive user information via CSV export mapping" "link" => "https://github.com/advisories/GHSA-27c9-vp3w-6ww8" "cve" => null "affectedVersions" => "<6.6.10.7|>=6.7.0.0,<6.7.3.1" "source" => "GitHub" "reportedAt" => "2025-10-21 18:03:16" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-27c9-vp3w-6ww8" ] ] ] [ "advisoryId" => "PKSA-h5dj-jyqc-4fjr" "packageName" => "shopware/core" "remoteId" => "GHSA-3cpp-fv95-mpr5" "title" => "Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice" "link" => "https://github.com/advisories/GHSA-3cpp-fv95-mpr5" "cve" => null "affectedVersions" => "<6.6.10.7|>=6.7.0.0,<6.7.3.1" "source" => "GitHub" "reportedAt" => "2025-10-21 18:02:52" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-3cpp-fv95-mpr5" ] ] ] [ "advisoryId" => "PKSA-6wp3-462p-vyty" "packageName" => "shopware/core" "remoteId" => "GHSA-6wh5-mw9h-5c3w" "title" => "Shopware vulnerable to path traversal via Plugin upload" "link" => "https://github.com/advisories/GHSA-6wh5-mw9h-5c3w" "cve" => null "affectedVersions" => "<6.6.10.7|>=6.7.0.0,<6.7.3.1" "source" => "GitHub" "reportedAt" => "2025-10-21 18:02:14" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6wh5-mw9h-5c3w" ] ] ] [ "advisoryId" => "PKSA-b824-t6kf-bqqz" "packageName" => "shopware/core" "remoteId" => "GHSA-m895-2hj3-8cg9" "title" => "Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually" "link" => "https://github.com/advisories/GHSA-m895-2hj3-8cg9" "cve" => null "affectedVersions" => "<6.6.10.7|>=6.7.0.0,<6.7.3.1" "source" => "GitHub" "reportedAt" => "2025-10-21 18:02:01" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-m895-2hj3-8cg9" ] ] ] [ "advisoryId" => "PKSA-tj1f-bg2x-7qkx" "packageName" => "shopware/core" "remoteId" => "GHSA-9v82-vcjx-m76j" "title" => "Shopware: Reflective Cross Site-Scripting (XSS) in CMS components" "link" => "https://github.com/advisories/GHSA-9v82-vcjx-m76j" "cve" => null "affectedVersions" => ">=6.7.0.0,<6.7.2.1" "source" => "GitHub" "reportedAt" => "2025-09-10 20:46:20" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-9v82-vcjx-m76j" ] ] ] [ "advisoryId" => "PKSA-8vfm-96b7-t9nt" "packageName" => "shopware/core" "remoteId" => "GHSA-4h9w-7vfp-px8m" "title" => "Shopware default newsletter opt-in settings allow for mass sign-up abuse" "link" => "https://github.com/advisories/GHSA-4h9w-7vfp-px8m" "cve" => "CVE-2025-32378" "affectedVersions" => "<6.5.8.17|>=6.7.0.0-rc1,<6.7.0.0-rc2|>=6.6.0.0-rc1,<6.6.10.3" "source" => "GitHub" "reportedAt" => "2025-04-09 13:53:11" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-4h9w-7vfp-px8m" ] ] ] [ "advisoryId" => "PKSA-frt7-rv6d-9v53" "packageName" => "shopware/core" "remoteId" => "GHSA-68wv-g3fw-pq7q" "title" => "Shopware Broken ACL on Document retrieval to access other customers documents" "link" => "https://github.com/advisories/GHSA-68wv-g3fw-pq7q" "cve" => null "affectedVersions" => "<6.5.8.17|>=6.7.0.0-rc1,<6.7.0.0-rc2|>=6.6.0.0,<6.6.10.3" "source" => "GitHub" "reportedAt" => "2025-04-08 16:33:30" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-68wv-g3fw-pq7q" ] ] ] [ "advisoryId" => "PKSA-m54b-2v2z-x1bs" "packageName" => "shopware/core" "remoteId" => "GHSA-8g35-7rmw-7f59" "title" => "Shopware Vulnerable to Blind SQL-injection in DAL aggregations" "link" => "https://github.com/advisories/GHSA-8g35-7rmw-7f59" "cve" => "CVE-2025-27892" "affectedVersions" => "<6.5.8.18|>=6.6.0.0,<=6.6.10.2|=6.7.0.0-rc1" "source" => "GitHub" "reportedAt" => "2025-04-08 16:33:06" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-8g35-7rmw-7f59" ] ] ] [ "advisoryId" => "PKSA-k472-zz4q-rd5r" "packageName" => "shopware/core" "remoteId" => "GHSA-cgfj-hj93-rmh2" "title" => "Shopware allows Denial Of Service via password length" "link" => "https://github.com/advisories/GHSA-cgfj-hj93-rmh2" "cve" => "CVE-2025-30151" "affectedVersions" => "<6.5.8.17|>=6.7.0.0-rc1,<6.7.0.0-rc2|>=6.6.0.0,<6.6.10.3" "source" => "GitHub" "reportedAt" => "2025-04-08 14:51:17" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-cgfj-hj93-rmh2" ] ] ] [ "advisoryId" => "PKSA-dbxn-psgm-2qmr" "packageName" => "shopware/core" "remoteId" => "GHSA-hh7j-6x3q-f52h" "title" => "Shopware 6 allows attackers to check for registered accounts through the store-api" "link" => "https://github.com/advisories/GHSA-hh7j-6x3q-f52h" "cve" => "CVE-2025-30150" "affectedVersions" => "<=6.5.8.17|>=6.6.0.0,<=6.6.10.2|=6.7.0.0-rc1" "source" => "GitHub" "reportedAt" => "2025-04-08 14:50:13" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-hh7j-6x3q-f52h" ] ] ] [ "advisoryId" => "PKSA-wp2c-7yp8-5fvs" "packageName" => "shopware/core" "remoteId" => "GHSA-p6w9-r443-r752" "title" => "Shopware vulnerable to blind SQL-injection in DAL aggregations" "link" => "https://github.com/advisories/GHSA-p6w9-r443-r752" "cve" => "CVE-2024-42357" "affectedVersions" => ">=6.6.0.0,<=6.6.5.0|<=6.5.8.12" "source" => "GitHub" "reportedAt" => "2024-08-08 14:53:57" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-p6w9-r443-r752" ] ] ] [ "advisoryId" => "PKSA-kt1g-n1g2-hzb4" "packageName" => "shopware/core" "remoteId" => "GHSA-35jp-8cgg-p4wj" "title" => "Shopware vulnerable to Server Side Template Injection in Twig using Context functions" "link" => "https://github.com/advisories/GHSA-35jp-8cgg-p4wj" "cve" => "CVE-2024-42356" "affectedVersions" => ">=6.6.0.0,<=6.6.5.0|<=6.5.8.12" "source" => "GitHub" "reportedAt" => "2024-08-08 14:50:11" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-35jp-8cgg-p4wj" ] ] ] [ "advisoryId" => "PKSA-6stq-czfs-1nvv" "packageName" => "shopware/core" "remoteId" => "GHSA-27wp-jvhw-v4xp" "title" => "Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag" "link" => "https://github.com/advisories/GHSA-27wp-jvhw-v4xp" "cve" => "CVE-2024-42355" "affectedVersions" => ">=6.6.0.0,<=6.6.5.0|<=6.5.8.12" "source" => "GitHub" "reportedAt" => "2024-08-08 14:48:03" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-27wp-jvhw-v4xp" ] ] ] [ "advisoryId" => "PKSA-4spx-rq41-wk8h" "packageName" => "shopware/core" "remoteId" => "GHSA-hhcq-ph6w-494g" "title" => "Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api" "link" => "https://github.com/advisories/GHSA-hhcq-ph6w-494g" "cve" => "CVE-2024-42354" "affectedVersions" => ">=6.6.0.0,<=6.6.5.0|<=6.5.8.12" "source" => "GitHub" "reportedAt" => "2024-08-08 14:42:58" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-hhcq-ph6w-494g" ] ] ] [ "advisoryId" => "PKSA-s8vz-878v-gv1c" "packageName" => "shopware/core" "remoteId" => "GHSA-5297-wrrp-rcj7" "title" => "Shopware Improper Session Handling in store-api account logout" "link" => "https://github.com/advisories/GHSA-5297-wrrp-rcj7" "cve" => "CVE-2024-31447" "affectedVersions" => ">=6.6.0.0-rc1,<6.6.1.0|>=6.3.5.0,<6.5.8.8" "source" => "GitHub" "reportedAt" => "2024-04-08 15:48:27" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-5297-wrrp-rcj7" ] ] ] [ "advisoryId" => "PKSA-mm7q-gnjj-tttn" "packageName" => "shopware/core" "remoteId" => "GHSA-3867-jc5c-66qf" "title" => "Broken Access Control order API in Shopware" "link" => "https://github.com/advisories/GHSA-3867-jc5c-66qf" "cve" => "CVE-2024-22407" "affectedVersions" => "<=6.5.7.3" "source" => "GitHub" "reportedAt" => "2024-01-17 20:29:33" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-3867-jc5c-66qf" ] ] ] [ "advisoryId" => "PKSA-ktmn-6519-qrdp" "packageName" => "shopware/core" "remoteId" => "GHSA-qmp9-2xwj-m6m9" "title" => "Blind SQL injection in shopware" "link" => "https://github.com/advisories/GHSA-qmp9-2xwj-m6m9" "cve" => "CVE-2024-22406" "affectedVersions" => "<=6.5.7.3" "source" => "GitHub" "reportedAt" => "2024-01-17 20:28:50" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qmp9-2xwj-m6m9" ] ] ] [ "advisoryId" => "PKSA-kd1k-vbw9-69fx" "packageName" => "shopware/core" "remoteId" => "GHSA-7v2v-9rm4-7m8f" "title" => "Shopware Has Improper Control of Generation of Code in Twig rendered views" "link" => "https://github.com/advisories/GHSA-7v2v-9rm4-7m8f" "cve" => "CVE-2023-2017" "affectedVersions" => "<=6.4.20.0" "source" => "GitHub" "reportedAt" => "2023-04-18 13:14:20" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7v2v-9rm4-7m8f" ] ] ] [ "advisoryId" => "PKSA-zbt5-mjsz-9f2t" "packageName" => "shopware/core" "remoteId" => "GHSA-46h7-vj7x-fxg2" "title" => "Shopware has Improper Input Validation issue in newsletter subscription" "link" => "https://github.com/advisories/GHSA-46h7-vj7x-fxg2" "cve" => "CVE-2023-22734" "affectedVersions" => "<=6.4.18.0" "source" => "GitHub" "reportedAt" => "2023-01-20 23:18:41" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-46h7-vj7x-fxg2" ] ] ] [ "advisoryId" => "PKSA-bnh5-5drc-b8g8" "packageName" => "shopware/core" "remoteId" => "GHSA-59qg-93jg-236f" "title" => "Shopware has Insufficient Session Expiration in Administration" "link" => "https://github.com/advisories/GHSA-59qg-93jg-236f" "cve" => "CVE-2023-22732" "affectedVersions" => "<=6.4.18.0" "source" => "GitHub" "reportedAt" => "2023-01-20 23:18:17" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-59qg-93jg-236f" ] ] ] [ "advisoryId" => "PKSA-88mf-d614-87c1" "packageName" => "shopware/core" "remoteId" => "GHSA-7cp7-jfp6-jh4f" "title" => "Shopware's log module vulnerable to Improper Output Neutralization" "link" => "https://github.com/advisories/GHSA-7cp7-jfp6-jh4f" "cve" => "CVE-2023-22733" "affectedVersions" => "<=6.4.18.0" "source" => "GitHub" "reportedAt" => "2023-01-20 17:33:54" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7cp7-jfp6-jh4f" ] ] ] [ "advisoryId" => "PKSA-s94v-mcmm-ycmg" "packageName" => "shopware/core" "remoteId" => "GHSA-93cw-f5jj-x85w" "title" => "Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views" "link" => "https://github.com/advisories/GHSA-93cw-f5jj-x85w" "cve" => "CVE-2023-22731" "affectedVersions" => "<=6.4.18.0" "source" => "GitHub" "reportedAt" => "2023-01-17 23:58:06" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-93cw-f5jj-x85w" ] ] ] [ "advisoryId" => "PKSA-zr2k-54cr-tb84" "packageName" => "shopware/core" "remoteId" => "GHSA-8r6h-m72v-38fg" "title" => "Shopware vulnerable to Improper Input Validation of Clearance sale in cart" "link" => "https://github.com/advisories/GHSA-8r6h-m72v-38fg" "cve" => "CVE-2023-22730" "affectedVersions" => "<=6.4.18.0" "source" => "GitHub" "reportedAt" => "2023-01-17 23:57:23" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-8r6h-m72v-38fg" ] ] ] [ "advisoryId" => "PKSA-9p6y-gqwk-1x5q" "packageName" => "shopware/core" "remoteId" => "GHSA-r4ph-mx67-x58p" "title" => "Shopware database password is leaked to an unauthenticated users" "link" => "https://github.com/advisories/GHSA-r4ph-mx67-x58p" "cve" => "CVE-2020-13997" "affectedVersions" => ">=6.0.0,<6.2.3" "source" => "GitHub" "reportedAt" => "2022-05-24 17:24:28" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-r4ph-mx67-x58p" ] ] ] [ "advisoryId" => "PKSA-np7f-fmcq-spzn" "packageName" => "shopware/core" "remoteId" => "GHSA-9wrv-g75h-8ccc" "title" => "Improper Access Control in Shopware" "link" => "https://github.com/advisories/GHSA-9wrv-g75h-8ccc" "cve" => "CVE-2022-24872" "affectedVersions" => "<=6.3.4.0" "source" => "GitHub" "reportedAt" => "2022-04-22 21:04:27" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-9wrv-g75h-8ccc" ] ] ] [ "advisoryId" => "PKSA-34sw-dmrz-s3ct" "packageName" => "shopware/core" "remoteId" => "GHSA-7gm7-8q8v-9gf2" "title" => "Server-Side Request Forgery (SSRF) in Shopware" "link" => "https://github.com/advisories/GHSA-7gm7-8q8v-9gf2" "cve" => "CVE-2022-24871" "affectedVersions" => "<=6.4.9.0" "source" => "GitHub" "reportedAt" => "2022-04-22 21:04:07" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7gm7-8q8v-9gf2" ] ] ] [ "advisoryId" => "PKSA-3mg1-qgkz-fhzr" "packageName" => "shopware/core" "remoteId" => "GHSA-83vp-6jqg-6cmr" "title" => "Incorrect Authentication in shopware" "link" => "https://github.com/advisories/GHSA-83vp-6jqg-6cmr" "cve" => "CVE-2022-24748" "affectedVersions" => "<=6.4.8.1" "source" => "GitHub" "reportedAt" => "2022-03-10 18:02:14" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-83vp-6jqg-6cmr" ] ] ] [ "advisoryId" => "PKSA-ccnj-bqfc-887j" "packageName" => "shopware/core" "remoteId" => "GHSA-6wrh-279j-6hvw" "title" => "HTTP caching is marking private HTTP headers as public in Shopware" "link" => "https://github.com/advisories/GHSA-6wrh-279j-6hvw" "cve" => "CVE-2022-24747" "affectedVersions" => "<=6.4.8.1" "source" => "GitHub" "reportedAt" => "2022-03-10 17:55:21" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6wrh-279j-6hvw" ] ] ] [ "advisoryId" => "PKSA-tnyf-cn12-jhmf" "packageName" => "shopware/core" "remoteId" => "GHSA-952p-fqcp-g8pc" "title" => "HTML injection possibility in voucher code form in Shopware" "link" => "https://github.com/advisories/GHSA-952p-fqcp-g8pc" "cve" => "CVE-2022-24746" "affectedVersions" => "<=6.4.8.0" "source" => "GitHub" "reportedAt" => "2022-03-10 17:49:26" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-952p-fqcp-g8pc" ] ] ] [ "advisoryId" => "PKSA-9h2g-h8jc-v38b" "packageName" => "shopware/core" "remoteId" => "GHSA-w267-m9c4-8555" "title" => "Shopware user session is not logged out if the password is reset via password recovery" "link" => "https://github.com/advisories/GHSA-w267-m9c4-8555" "cve" => "CVE-2022-24744" "affectedVersions" => "<=6.4.8.0" "source" => "GitHub" "reportedAt" => "2022-03-10 17:37:43" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-w267-m9c4-8555" ] ] ] [ "advisoryId" => "PKSA-r6j6-5wr2-cc9q" "packageName" => "shopware/core" "remoteId" => "GHSA-r64m-qchj-hrjp" "title" => "Webcache Poisoning in shopware/platform and shopware/core" "link" => "https://github.com/advisories/GHSA-r64m-qchj-hrjp" "cve" => null "affectedVersions" => "<=6.4.6.0" "source" => "GitHub" "reportedAt" => "2021-11-24 20:05:19" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-r64m-qchj-hrjp" ] ] ] [ "advisoryId" => "PKSA-tncs-rfhx-6t79" "packageName" => "shopware/core" "remoteId" => "GHSA-54gp-qff8-946c" "title" => "Insecure direct object reference of log files of the Import/Export feature" "link" => "https://github.com/advisories/GHSA-54gp-qff8-946c" "cve" => "CVE-2021-37709" "affectedVersions" => "<=6.4.3.0" "source" => "GitHub" "reportedAt" => "2021-08-30 16:14:19" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-54gp-qff8-946c" ] ] ] [ "advisoryId" => "PKSA-wctr-h2vg-1nrg" "packageName" => "shopware/core" "remoteId" => "GHSA-xh55-2fqp-p775" "title" => "Command injection in mail agent settings" "link" => "https://github.com/advisories/GHSA-xh55-2fqp-p775" "cve" => "CVE-2021-37708" "affectedVersions" => "<=6.4.3.0" "source" => "GitHub" "reportedAt" => "2021-08-30 16:14:09" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-xh55-2fqp-p775" ] ] ] [ "advisoryId" => "PKSA-76b3-wj95-w3n3" "packageName" => "shopware/core" "remoteId" => "GHSA-9f8f-574q-8jmf" "title" => "Manipulation of product reviews via API" "link" => "https://github.com/advisories/GHSA-9f8f-574q-8jmf" "cve" => "CVE-2021-37707" "affectedVersions" => "<=6.4.3.0" "source" => "GitHub" "reportedAt" => "2021-08-30 16:14:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-9f8f-574q-8jmf" ] ] ] [ "advisoryId" => "PKSA-dcdx-j2xt-9813" "packageName" => "shopware/core" "remoteId" => "GHSA-fc38-mxwr-pfhx" "title" => "Cross-Site Scripting via SVG media files" "link" => "https://github.com/advisories/GHSA-fc38-mxwr-pfhx" "cve" => "CVE-2021-37710" "affectedVersions" => "<=6.4.3.0" "source" => "GitHub" "reportedAt" => "2021-08-23 19:43:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-fc38-mxwr-pfhx" ] ] ] [ "advisoryId" => "PKSA-3yhk-2pz8-h48v" "packageName" => "shopware/core" "remoteId" => "GHSA-gcvv-gq92-x94r" "title" => "Authenticated server-side request forgery in file upload via URL." "link" => "https://github.com/advisories/GHSA-gcvv-gq92-x94r" "cve" => "CVE-2021-37711" "affectedVersions" => "<=6.4.3.0" "source" => "GitHub" "reportedAt" => "2021-08-23 19:42:49" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-gcvv-gq92-x94r" ] ] ] [ "advisoryId" => "PKSA-3p6r-87dj-whfm" "packageName" => "shopware/core" "remoteId" => "GHSA-243q-g9j3-qf6r" "title" => "non-admin users can create integration role with administrator role" "link" => "https://github.com/advisories/GHSA-243q-g9j3-qf6r" "cve" => null "affectedVersions" => "<=6.4.1.0" "source" => "GitHub" "reportedAt" => "2021-06-28 18:21:01" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-243q-g9j3-qf6r" ] ] ] [ "advisoryId" => "PKSA-8p45-24gp-8k7z" "packageName" => "shopware/core" "remoteId" => "GHSA-gpmh-g94g-qrhr" "title" => "Internal hidden fields are visible on to many associations in admin api" "link" => "https://github.com/advisories/GHSA-gpmh-g94g-qrhr" "cve" => null "affectedVersions" => "<=6.4.1.0" "source" => "GitHub" "reportedAt" => "2021-06-28 18:20:53" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-gpmh-g94g-qrhr" ] ] ] [ "advisoryId" => "PKSA-kgcc-rqqz-w9xv" "packageName" => "shopware/core" "remoteId" => "GHSA-vrf2-xghr-j52v" "title" => "Private files publicly accessible with Cloud Storage providers" "link" => "https://github.com/advisories/GHSA-vrf2-xghr-j52v" "cve" => null "affectedVersions" => "<=6.4.1.0" "source" => "GitHub" "reportedAt" => "2021-06-28 18:20:42" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-vrf2-xghr-j52v" ] ] ] [ "advisoryId" => "PKSA-2xdh-9trx-qcrk" "packageName" => "shopware/core" "remoteId" => "GHSA-g7w8-pp9w-7p32" "title" => "Creation of order credits was not validated by acl in admin orders" "link" => "https://github.com/advisories/GHSA-g7w8-pp9w-7p32" "cve" => null "affectedVersions" => "<=6.4.1.0" "source" => "GitHub" "reportedAt" => "2021-06-28 16:57:32" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-g7w8-pp9w-7p32" ] ] ] [ "advisoryId" => "PKSA-k445-97f2-7qf2" "packageName" => "shopware/core" "remoteId" => "GHSA-wq3r-jwrq-xg6w" "title" => "Canceling of orders not related to the logged-in user" "link" => "https://github.com/advisories/GHSA-wq3r-jwrq-xg6w" "cve" => null "affectedVersions" => "<=6.4.1.0" "source" => "GitHub" "reportedAt" => "2021-06-28 16:57:23" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-wq3r-jwrq-xg6w" ] ] ] [ "advisoryId" => "PKSA-r1zt-9fkv-dfbw" "packageName" => "shopware/core" "remoteId" => "GHSA-88rc-3p98-rgvx" "title" => "After order payment process manipulation in shopware/platform and shopware/core " "link" => "https://github.com/advisories/GHSA-88rc-3p98-rgvx" "cve" => null "affectedVersions" => "<=6.3.5.2" "source" => "GitHub" "reportedAt" => "2021-04-13 15:13:48" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-88rc-3p98-rgvx" ] ] ] [ "advisoryId" => "PKSA-yqs3-j5sh-fdbk" "packageName" => "shopware/core" "remoteId" => "GHSA-qg7c-q3vq-rgxr" "title" => "Leak of information via Store-API aggregations in shopware/platform and shopware/core" "link" => "https://github.com/advisories/GHSA-qg7c-q3vq-rgxr" "cve" => null "affectedVersions" => "<=6.3.5.2" "source" => "GitHub" "reportedAt" => "2021-04-13 15:13:26" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qg7c-q3vq-rgxr" ] ] ] [ "advisoryId" => "PKSA-vjm7-rzy9-mbj6" "packageName" => "shopware/core" "remoteId" => "GHSA-8pfh-mm2g-hmc3" "title" => "Authenticated Server Side Request Forgery" "link" => "https://github.com/advisories/GHSA-8pfh-mm2g-hmc3" "cve" => null "affectedVersions" => "<=6.3.4.0" "source" => "GitHub" "reportedAt" => "2020-12-21 18:01:24" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-8pfh-mm2g-hmc3" ] ] ] [ "advisoryId" => "PKSA-38x3-88s9-63nc" "packageName" => "shopware/core" "remoteId" => "GHSA-cq6h-w3mc-57f4" "title" => "Information exposure via query strings in URL" "link" => "https://github.com/advisories/GHSA-cq6h-w3mc-57f4" "cve" => null "affectedVersions" => "<=6.3.4.0" "source" => "GitHub" "reportedAt" => "2020-12-21 18:01:16" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-cq6h-w3mc-57f4" ] ] ] [ "advisoryId" => "PKSA-8v5c-w6ym-24yy" "packageName" => "shopware/core" "remoteId" => "GHSA-5q58-x5h2-v5rx" "title" => "Authenticated Privilege Escalation" "link" => "https://github.com/advisories/GHSA-5q58-x5h2-v5rx" "cve" => null "affectedVersions" => "<=6.3.4.0" "source" => "GitHub" "reportedAt" => "2020-12-21 18:01:08" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-5q58-x5h2-v5rx" ] ] ] [ "advisoryId" => "PKSA-vnb3-v6ks-9jtq" "packageName" => "shopware/core" "remoteId" => "GHSA-p68v-frgx-4rjp" "title" => "Denial of Service via Cache Flooding" "link" => "https://github.com/advisories/GHSA-p68v-frgx-4rjp" "cve" => null "affectedVersions" => "<=6.3.2.0" "source" => "GitHub" "reportedAt" => "2020-10-19 21:34:14" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-p68v-frgx-4rjp" ] ] ] [ "advisoryId" => "PKSA-d2xz-mykd-kfb6" "packageName" => "shopware/core" "remoteId" => "GHSA-8xv9-qcr9-ww9j" "title" => "Authenticated XML External Entity Processing" "link" => "https://github.com/advisories/GHSA-8xv9-qcr9-ww9j" "cve" => null "affectedVersions" => "<=6.3.2.0" "source" => "GitHub" "reportedAt" => "2020-10-19 21:32:18" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-8xv9-qcr9-ww9j" ] ] ] [ "advisoryId" => "PKSA-y1sr-zggs-293q" "packageName" => "shopware/core" "remoteId" => "GHSA-qvhr-55hg-3qwv" "title" => "Non-persistent XSS in the Storefront in Shopware" "link" => "https://github.com/advisories/GHSA-qvhr-55hg-3qwv" "cve" => null "affectedVersions" => "<=6.3.1.0" "source" => "GitHub" "reportedAt" => "2020-09-23 17:20:39" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qvhr-55hg-3qwv" ] ] ] [ "advisoryId" => "PKSA-3fgf-95z8-37f5" "packageName" => "shopware/core" "remoteId" => "GHSA-qvc5-cfrr-384v" "title" => "RCE in Third Party Library in Shopware" "link" => "https://github.com/advisories/GHSA-qvc5-cfrr-384v" "cve" => null "affectedVersions" => "<=6.3.1.0" "source" => "GitHub" "reportedAt" => "2020-09-23 17:20:28" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qvc5-cfrr-384v" ] ] ] ] "shopware/production" => [ [ "advisoryId" => "PKSA-47yc-smrt-btrv" "packageName" => "shopware/production" "remoteId" => "GHSA-3pcr-4982-548m" "title" => "Exposure of .env if project root is configured as web root in shopware/production" "link" => "https://github.com/advisories/GHSA-3pcr-4982-548m" "cve" => null "affectedVersions" => "<=6.3.5.2" "source" => "GitHub" "reportedAt" => "2021-04-13 15:13:37" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-3pcr-4982-548m" ] ] ] ] "shopware/storefront" => [ [ "advisoryId" => "PKSA-hv1g-94j4-tpht" "packageName" => "shopware/storefront" "remoteId" => "GHSA-6w82-v552-wjw2" "title" => "Shopware Storefront Reflected XSS in Storefront Login Page" "link" => "https://github.com/advisories/GHSA-6w82-v552-wjw2" "cve" => "CVE-2025-67648" "affectedVersions" => ">=6.7.0.0,<6.7.5.1|>=6.4.6.0,<6.6.10.10" "source" => "GitHub" "reportedAt" => "2025-12-09 17:24:21" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6w82-v552-wjw2" ] ] ] [ "advisoryId" => "PKSA-5pbs-7q37-td9b" "packageName" => "shopware/storefront" "remoteId" => "GHSA-c2f9-4jmm-v45m" "title" => "Shopware's session is persistent in Cache for 404 pages" "link" => "https://github.com/advisories/GHSA-c2f9-4jmm-v45m" "cve" => "CVE-2024-27917" "affectedVersions" => ">=6.5.8.0,<6.5.8.7" "source" => "GitHub" "reportedAt" => "2024-03-06 15:06:54" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-c2f9-4jmm-v45m" ] ] ] [ "advisoryId" => "PKSA-jkxk-vsfj-5htm" "packageName" => "shopware/storefront" "remoteId" => "GHSA-6wrh-279j-6hvw" "title" => "HTTP caching is marking private HTTP headers as public in Shopware" "link" => "https://github.com/advisories/GHSA-6wrh-279j-6hvw" "cve" => "CVE-2022-24747" "affectedVersions" => "<=6.4.8.1" "source" => "GitHub" "reportedAt" => "2022-03-10 17:55:21" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6wrh-279j-6hvw" ] ] ] [ "advisoryId" => "PKSA-8jwr-9m26-8fx2" "packageName" => "shopware/storefront" "remoteId" => "GHSA-952p-fqcp-g8pc" "title" => "HTML injection possibility in voucher code form in Shopware" "link" => "https://github.com/advisories/GHSA-952p-fqcp-g8pc" "cve" => "CVE-2022-24746" "affectedVersions" => "<=6.4.8.0" "source" => "GitHub" "reportedAt" => "2022-03-10 17:49:26" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-952p-fqcp-g8pc" ] ] ] [ "advisoryId" => "PKSA-yfgt-8j4b-756q" "packageName" => "shopware/storefront" "remoteId" => "GHSA-jp6h-mxhx-pgqh" "title" => "Shopware guest session is shared between customers" "link" => "https://github.com/advisories/GHSA-jp6h-mxhx-pgqh" "cve" => "CVE-2022-24745" "affectedVersions" => "<=6.4.8.1" "source" => "GitHub" "reportedAt" => "2022-03-10 17:28:55" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-jp6h-mxhx-pgqh" ] ] ] ] "sebastian/type" => [] "sebastian/version" => [] "seld/jsonlint" => [] "seld/phar-utils" => [] "seld/signal-handler" => [] "setasign/fpdf" => [] "setasign/tfpdf" => [] "shopware/administration" => [] "shopware/conflicts" => [] "shopware/dev-tools" => [] "shopware/elasticsearch" => [] "shopwarelabs/images-generator" => [] "shyim/opensearch-php-dsl" => [] "smalot/pdfparser" => [] "squirrelphp/twig-php-syntax" => [] "staabm/side-effects-detector" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "symfony/asset" "symfony/browser-kit" "symfony/cache" "symfony/cache-contracts" "symfony/clock" "symfony/config" "symfony/console" "symfony/debug-bundle" "symfony/dependency-injection" "symfony/doctrine-bridge" "symfony/doctrine-messenger" "symfony/dom-crawler" "symfony/dotenv" "symfony/error-handler" "symfony/event-dispatcher" "symfony/event-dispatcher-contracts" "symfony/filesystem" "symfony/finder" "symfony/flex" "symfony/framework-bundle" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 793 "total_time" => 0.045359 "pretransfer_time" => 0.000135 "size_download" => 1981.0 "speed_download" => 43673.0 "starttransfer_time" => 0.0452 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 135 "starttransfer_time_us" => 45200 "posttransfer_time_us" => 134 "total_time_us" => 45359 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.3179 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=symfony/asset&packages[1]=symfony/browser-kit&packages[2]=symfony/cache&packages[3]=symfony/cache-contracts&packages[4]=symfony/clock&packages[5]=symfony/config&packages[6]=symfony/console&packages[7]=symfony/debug-bundle&packages[8]=symfony/dependency-injection&packages[9]=symfony/doctrine-bridge&packages[10]=symfony/doctrine-messenger&packages[11]=symfony/dom-crawler&packages[12]=symfony/dotenv&packages[13]=symfony/error-handler&packages[14]=symfony/event-dispatcher&packages[15]=symfony/event-dispatcher-contracts&packages[16]=symfony/filesystem&packages[17]=symfony/finder&packages[18]=symfony/flex&packages[19]=symfony/framework-bundle" "pause_handler" => Closure(float $duration) {#1523 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1555 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775782 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [13] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=symfony/asset&packages[1]=symfony/browser-kit&packages[2]=symfony/cache&packages[3]=symfony/cache-contracts&packages[4]=symfony/clock&packages[5]=symfony/config&packages[6]=symfony/console&packages[7]=symfony/debug-bundle&packages[8]=symfony/dependency-injection&packages[9]=symfony/doctrine-bridge&packages[10]=symfony/doctrine-messenger&packages[11]=symfony/dom-crawler&packages[12]=symfony/dotenv&packages[13]=symfony/error-handler&packages[14]=symfony/event-dispatcher&packages[15]=symfony/event-dispatcher-contracts&packages[16]=symfony/filesystem&packages[17]=symfony/finder&packages[18]=symfony/flex&packages[19]=symfony/framework-bundle\n * [HTTP/2] [13] [:method: GET]\n * [HTTP/2] [13] [:scheme: https]\n * [HTTP/2] [13] [:authority: packagist.org]\n * [HTTP/2] [13] [:path: /api/security-advisories/?packages[0]=symfony/asset&packages[1]=symfony/browser-kit&packages[2]=symfony/cache&packages[3]=symfony/cache-contracts&packages[4]=symfony/clock&packages[5]=symfony/config&packages[6]=symfony/console&packages[7]=symfony/debug-bundle&packages[8]=symfony/dependency-injection&packages[9]=symfony/doctrine-bridge&packages[10]=symfony/doctrine-messenger&packages[11]=symfony/dom-crawler&packages[12]=symfony/dotenv&packages[13]=symfony/error-handler&packages[14]=symfony/event-dispatcher&packages[15]=symfony/event-dispatcher-contracts&packages[16]=symfony/filesystem&packages[17]=symfony/finder&packages[18]=symfony/flex&packages[19]=symfony/framework-bundle]\n * [HTTP/2] [13] [accept: */*]\n * [HTTP/2] [13] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [13] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=symfony/asset&packages[1]=symfony/browser-kit&packages[2]=symfony/cache&packages[3]=symfony/cache-contracts&packages[4]=symfony/clock&packages[5]=symfony/config&packages[6]=symfony/console&packages[7]=symfony/debug-bundle&packages[8]=symfony/dependency-injection&packages[9]=symfony/doctrine-bridge&packages[10]=symfony/doctrine-messenger&packages[11]=symfony/dom-crawler&packages[12]=symfony/dotenv&packages[13]=symfony/error-handler&packages[14]=symfony/event-dispatcher&packages[15]=symfony/event-dispatcher-contracts&packages[16]=symfony/filesystem&packages[17]=symfony/finder&packages[18]=symfony/flex&packages[19]=symfony/framework-bundle HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1075\r\n < cdn-requestid: 2e117841057349a7d525584b9e0f734f\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=symfony/asset&packages[1]=symfony/browser-kit&packages[2]=symfony/cache&packages[3]=symfony/cache-contracts&packages[4]=symfony/clock&packages[5]=symfony/config&packages[6]=symfony/console&packages[7]=symfony/debug-bundle&packages[8]=symfony/dependency-injection&packages[9]=symfony/doctrine-bridge&packages[10]=symfony/doctrine-messenger&packages[11]=symfony/dom-crawler&packages[12]=symfony/dotenv&packages[13]=symfony/error-handler&packages[14]=symfony/event-dispatcher&packages[15]=symfony/event-dispatcher-contracts&packages[16]=symfony/filesystem&packages[17]=symfony/finder&packages[18]=symfony/flex&packages[19]=symfony/framework-bundle" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1075" "cdn-requestid: 2e117841057349a7d525584b9e0f734f" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "symfony/cache" => [ [ "advisoryId" => "PKSA-z7t6-zt6p-wtng" "packageName" => "symfony/cache" "remoteId" => "symfony/cache/CVE-2026-45073.yaml" "title" => "CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix" "link" => "https://symfony.com/cve-2026-45073" "cve" => "CVE-2026-45073" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6qh9-h6wf-jgqc" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/cache/CVE-2026-45073.yaml" ] ] ] [ "advisoryId" => "PKSA-w17b-j6zx-knvn" "packageName" => "symfony/cache" "remoteId" => "symfony/cache/CVE-2019-18889.yaml" "title" => "CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances" "link" => "https://symfony.com/cve-2019-18889" "cve" => "CVE-2019-18889" "affectedVersions" => ">=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-11-13 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-79gr-58r3-pwm3" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/cache/CVE-2019-18889.yaml" ] ] ] [ "advisoryId" => "PKSA-y75j-trtt-wgfj" "packageName" => "symfony/cache" "remoteId" => "symfony/cache/CVE-2019-10912.yaml" "title" => "CVE-2019-10912: Prevent destructors with side-effects from being unserialized" "link" => "https://symfony.com/cve-2019-10912" "cve" => "CVE-2019-10912" "affectedVersions" => ">=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-04-16 11:01:24" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-w2fr-65vp-mxw3" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/cache/CVE-2019-10912.yaml" ] ] ] ] "symfony/dependency-injection" => [ [ "advisoryId" => "PKSA-g5sp-m8wk-grpd" "packageName" => "symfony/dependency-injection" "remoteId" => "symfony/dependency-injection/CVE-2019-10910.yaml" "title" => "CVE-2019-10910: Check service IDs are valid" "link" => "https://symfony.com/cve-2019-10910" "cve" => "CVE-2019-10910" "affectedVersions" => ">=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-04-16 12:48:27" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-pgwj-prpq-jpc2" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/dependency-injection/CVE-2019-10910.yaml" ] ] ] [ "advisoryId" => "PKSA-q1m3-5gzj-p6jw" "packageName" => "symfony/dependency-injection" "remoteId" => "symfony/dependency-injection/2012-08-28.yaml" "title" => "Security fixes related to the way XML is handled" "link" => "https://symfony.com/blog/security-release-symfony-2-0-17-released" "cve" => null "affectedVersions" => ">=2.0.0,<2.0.17" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2012-08-28 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-c636-cg5r-2498" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/dependency-injection/2012-08-28.yaml" ] ] ] ] "symfony/dom-crawler" => [ [ "advisoryId" => "PKSA-5r1g-c7b7-y1zg" "packageName" => "symfony/dom-crawler" "remoteId" => "symfony/dom-crawler/CVE-2026-45071.yaml" "title" => "CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true" "link" => "https://symfony.com/cve-2026-45071" "cve" => "CVE-2026-45071" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-x6g4-fwcc-jj8w" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/dom-crawler/CVE-2026-45071.yaml" ] ] ] ] "symfony/error-handler" => [ [ "advisoryId" => "PKSA-879x-hms2-k3mp" "packageName" => "symfony/error-handler" "remoteId" => "symfony/error-handler/CVE-2020-5274.yaml" "title" => "CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler" "link" => "https://symfony.com/cve-2020-5274" "cve" => "CVE-2020-5274" "affectedVersions" => ">=4.4.0,<4.4.4|>=5.0.0,<5.0.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2020-03-30 14:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-m884-279h-32v2" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/error-handler/CVE-2020-5274.yaml" ] ] ] ] "symfony/framework-bundle" => [ [ "advisoryId" => "PKSA-br8k-ghrn-5w34" "packageName" => "symfony/framework-bundle" "remoteId" => "symfony/framework-bundle/CVE-2022-23601.yaml" "title" => "CVE-2022-23601: CSRF token missing in forms" "link" => "https://symfony.com/cve-2022-23601" "cve" => "CVE-2022-23601" "affectedVersions" => ">=5.3.14,<5.3.15|>=5.4.3,<5.4.4|>=6.0.3,<6.0.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-01-29 12:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-vvmr-8829-6whx" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/framework-bundle/CVE-2022-23601.yaml" ] ] ] [ "advisoryId" => "PKSA-q2sm-x6px-qrth" "packageName" => "symfony/framework-bundle" "remoteId" => "symfony/framework-bundle/CVE-2019-10909.yaml" "title" => "CVE-2019-10909: Escape validation messages in the PHP templating engine" "link" => "https://symfony.com/cve-2019-10909" "cve" => "CVE-2019-10909" "affectedVersions" => ">=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-04-16 11:40:42" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-g996-q5r8-w7g2" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/framework-bundle/CVE-2019-10909.yaml" ] ] ] [ "advisoryId" => "PKSA-vhr9-kcbz-8dgv" "packageName" => "symfony/framework-bundle" "remoteId" => "symfony/framework-bundle/CVE-2014-4931.yaml" "title" => "Code injection in the way Symfony implements translation caching in FrameworkBundle" "link" => "https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released" "cve" => "CVE-2014-4931" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.18|>=2.4.0,<2.4.8|>=2.5.0,<2.5.2" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2014-07-15 15:35:51" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-wfv7-5x33-v22h" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/framework-bundle/CVE-2014-4931.yaml" ] ] ] ] "symfony/asset" => [] "symfony/browser-kit" => [] "symfony/cache-contracts" => [] "symfony/clock" => [] "symfony/config" => [] "symfony/console" => [] "symfony/debug-bundle" => [] "symfony/doctrine-bridge" => [] "symfony/doctrine-messenger" => [] "symfony/dotenv" => [] "symfony/event-dispatcher" => [] "symfony/event-dispatcher-contracts" => [] "symfony/filesystem" => [] "symfony/finder" => [] "symfony/flex" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "symfony/http-client" "symfony/http-client-contracts" "symfony/http-foundation" "symfony/http-kernel" "symfony/intl" "symfony/lock" "symfony/mailer" "symfony/messenger" "symfony/mime" "symfony/monolog-bridge" "symfony/monolog-bundle" "symfony/options-resolver" "symfony/password-hasher" "symfony/polyfill-php83" "symfony/polyfill-php84" "symfony/polyfill-php85" "symfony/process" "symfony/property-access" "symfony/property-info" "symfony/proxy-manager-bridge" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 807 "total_time" => 0.03827 "pretransfer_time" => 0.00013 "size_download" => 4843.0 "speed_download" => 126548.0 "starttransfer_time" => 0.037869 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 130 "starttransfer_time_us" => 37869 "posttransfer_time_us" => 130 "total_time_us" => 38270 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.3647 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=symfony/http-client&packages[1]=symfony/http-client-contracts&packages[2]=symfony/http-foundation&packages[3]=symfony/http-kernel&packages[4]=symfony/intl&packages[5]=symfony/lock&packages[6]=symfony/mailer&packages[7]=symfony/messenger&packages[8]=symfony/mime&packages[9]=symfony/monolog-bridge&packages[10]=symfony/monolog-bundle&packages[11]=symfony/options-resolver&packages[12]=symfony/password-hasher&packages[13]=symfony/polyfill-php83&packages[14]=symfony/polyfill-php84&packages[15]=symfony/polyfill-php85&packages[16]=symfony/process&packages[17]=symfony/property-access&packages[18]=symfony/property-info&packages[19]=symfony/proxy-manager-bridge" "pause_handler" => Closure(float $duration) {#1552 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1530 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775779 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [15] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=symfony/http-client&packages[1]=symfony/http-client-contracts&packages[2]=symfony/http-foundation&packages[3]=symfony/http-kernel&packages[4]=symfony/intl&packages[5]=symfony/lock&packages[6]=symfony/mailer&packages[7]=symfony/messenger&packages[8]=symfony/mime&packages[9]=symfony/monolog-bridge&packages[10]=symfony/monolog-bundle&packages[11]=symfony/options-resolver&packages[12]=symfony/password-hasher&packages[13]=symfony/polyfill-php83&packages[14]=symfony/polyfill-php84&packages[15]=symfony/polyfill-php85&packages[16]=symfony/process&packages[17]=symfony/property-access&packages[18]=symfony/property-info&packages[19]=symfony/proxy-manager-bridge\n * [HTTP/2] [15] [:method: GET]\n * [HTTP/2] [15] [:scheme: https]\n * [HTTP/2] [15] [:authority: packagist.org]\n * [HTTP/2] [15] [:path: /api/security-advisories/?packages[0]=symfony/http-client&packages[1]=symfony/http-client-contracts&packages[2]=symfony/http-foundation&packages[3]=symfony/http-kernel&packages[4]=symfony/intl&packages[5]=symfony/lock&packages[6]=symfony/mailer&packages[7]=symfony/messenger&packages[8]=symfony/mime&packages[9]=symfony/monolog-bridge&packages[10]=symfony/monolog-bundle&packages[11]=symfony/options-resolver&packages[12]=symfony/password-hasher&packages[13]=symfony/polyfill-php83&packages[14]=symfony/polyfill-php84&packages[15]=symfony/polyfill-php85&packages[16]=symfony/process&packages[17]=symfony/property-access&packages[18]=symfony/property-info&packages[19]=symfony/proxy-manager-bridge]\n * [HTTP/2] [15] [accept: */*]\n * [HTTP/2] [15] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [15] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=symfony/http-client&packages[1]=symfony/http-client-contracts&packages[2]=symfony/http-foundation&packages[3]=symfony/http-kernel&packages[4]=symfony/intl&packages[5]=symfony/lock&packages[6]=symfony/mailer&packages[7]=symfony/messenger&packages[8]=symfony/mime&packages[9]=symfony/monolog-bridge&packages[10]=symfony/monolog-bundle&packages[11]=symfony/options-resolver&packages[12]=symfony/password-hasher&packages[13]=symfony/polyfill-php83&packages[14]=symfony/polyfill-php84&packages[15]=symfony/polyfill-php85&packages[16]=symfony/process&packages[17]=symfony/property-access&packages[18]=symfony/property-info&packages[19]=symfony/proxy-manager-bridge HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1076\r\n < cdn-requestid: 84f2641054887f8052b99bbcec68bd90\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=symfony/http-client&packages[1]=symfony/http-client-contracts&packages[2]=symfony/http-foundation&packages[3]=symfony/http-kernel&packages[4]=symfony/intl&packages[5]=symfony/lock&packages[6]=symfony/mailer&packages[7]=symfony/messenger&packages[8]=symfony/mime&packages[9]=symfony/monolog-bridge&packages[10]=symfony/monolog-bundle&packages[11]=symfony/options-resolver&packages[12]=symfony/password-hasher&packages[13]=symfony/polyfill-php83&packages[14]=symfony/polyfill-php84&packages[15]=symfony/polyfill-php85&packages[16]=symfony/process&packages[17]=symfony/property-access&packages[18]=symfony/property-info&packages[19]=symfony/proxy-manager-bridge" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1076" "cdn-requestid: 84f2641054887f8052b99bbcec68bd90" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "symfony/http-client" => [ [ "advisoryId" => "PKSA-35by-yxtt-jc85" "packageName" => "symfony/http-client" "remoteId" => "symfony/http-client/CVE-2026-48736.yaml" "title" => "CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient" "link" => "https://symfony.com/cve-2026-48736" "cve" => "CVE-2026-48736" "affectedVersions" => ">=5.4.0,<5.4.53" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-26 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-38cx-cq6f-5755" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-client/CVE-2026-48736.yaml" ] ] ] [ "advisoryId" => "PKSA-4k7v-pfvw-nqvp" "packageName" => "symfony/http-client" "remoteId" => "symfony/http-client/CVE-2024-50342.yaml" "title" => "CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient" "link" => "https://symfony.com/cve-2024-50342" "cve" => "CVE-2024-50342" "affectedVersions" => ">=4.3.0,<4.4.0|>=4.4.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-11-13 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-9c3x-r3wp-mgxm" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-client/CVE-2024-50342.yaml" ] ] ] ] "symfony/http-foundation" => [ [ "advisoryId" => "PKSA-y6py-qpv1-h52p" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2026-48736.yaml" "title" => "CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient" "link" => "https://symfony.com/cve-2026-48736" "cve" => "CVE-2026-48736" "affectedVersions" => ">=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-26 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-38cx-cq6f-5755" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2026-48736.yaml" ] ] ] [ "advisoryId" => "PKSA-365x-2zjk-pt47" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2025-64500.yaml" "title" => "CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass" "link" => "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass" "cve" => "CVE-2025-64500" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.50|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.29|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2025-11-12 11:09:14" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-3rg7-wf37-54rm" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2025-64500.yaml" ] ] ] [ "advisoryId" => "PKSA-b35n-565h-rs4q" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2024-50345.yaml" "title" => "CVE-2024-50345: Open redirect via browser-sanitized URLs" "link" => "https://symfony.com/cve-2024-50345" "cve" => "CVE-2024-50345" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-11-05 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-mrqx-rp3w-jpjp" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2024-50345.yaml" ] ] ] [ "advisoryId" => "PKSA-t4rz-hp2g-57t1" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2020-5255.yaml" "title" => "CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header" "link" => "https://symfony.com/cve-2020-5255" "cve" => "CVE-2020-5255" "affectedVersions" => ">=4.4.0,<4.4.7|>=5.0.0,<5.0.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2020-03-30 14:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-mcx4-f5f5-4859" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2020-5255.yaml" ] ] ] [ "advisoryId" => "PKSA-9w98-4rwq-spxr" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2019-18888.yaml" "title" => "CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser" "link" => "https://symfony.com/cve-2019-18888" "cve" => "CVE-2019-18888" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<2.8.52|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-11-13 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-xhh6-956q-4q69" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2019-18888.yaml" ] ] ] [ "advisoryId" => "PKSA-324d-pqmd-hptz" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2019-10913.yaml" "title" => "CVE-2019-10913: Reject invalid HTTP method overrides" "link" => "https://symfony.com/cve-2019-10913" "cve" => "CVE-2019-10913" "affectedVersions" => ">=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-04-16 10:45:11" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-x92h-wmg2-6hp7" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2019-10913.yaml" ] ] ] [ "advisoryId" => "PKSA-nqj4-v43p-2gxc" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2018-14773.yaml" "title" => "CVE-2018-14773: Remove support for legacy and risky HTTP headers" "link" => "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers" "cve" => "CVE-2018-14773" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.49|>=2.8.0,<2.8.44|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.18|>=3.4.0,<3.4.14|>=4.0.0,<4.0.14|>=4.1.0,<4.1.3" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2018-08-01 15:57:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-8wgj-6wx8-h5hq" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2018-14773.yaml" ] ] ] [ "advisoryId" => "PKSA-f8b8-pbjy-s9k8" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2018-11386.yaml" "title" => "CVE-2018-11386: Denial of service when using PDOSessionHandler" "link" => "https://symfony.com/cve-2018-11386" "cve" => "CVE-2018-11386" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2018-05-25 11:46:22" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-r2rq-3h56-fqm4" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2018-11386.yaml" ] ] ] [ "advisoryId" => "PKSA-md26-zdw9-222r" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2015-2309.yaml" "title" => "Unsafe methods in the Request class" "link" => "https://symfony.com/cve-2015-2309" "cve" => "CVE-2015-2309" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2015-04-01 18:55:26" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-p684-f7fh-jv2j" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2015-2309.yaml" ] ] ] [ "advisoryId" => "PKSA-dr6c-z2rf-wh36" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2014-6061.yaml" "title" => "Security issue when parsing the Authorization header" "link" => "https://symfony.com/cve-2014-6061" "cve" => "CVE-2014-6061" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2014-09-03 07:38:23" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-h7v2-2qwg-h829" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2014-6061.yaml" ] ] ] [ "advisoryId" => "PKSA-rhzp-d9k8-shyq" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2014-5244.yaml" "title" => "Denial of service with a malicious HTTP Host header" "link" => "https://symfony.com/cve-2014-5244" "cve" => "CVE-2014-5244" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2014-09-03 07:37:21" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-v77v-x634-9m56" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2014-5244.yaml" ] ] ] [ "advisoryId" => "PKSA-tf6z-kynr-311v" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2013-4752.yaml" "title" => "Request::getHost() poisoning" "link" => "https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released" "cve" => "CVE-2013-4752" "affectedVersions" => ">=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2013-08-17 09:14:49" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-22pv-7v9j-hqxp" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2013-4752.yaml" ] ] ] [ "advisoryId" => "PKSA-hd3k-4852-jhv2" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/2012-11-29.yaml" "title" => "Request::getClientIp() when the trust proxy mode is enabled" "link" => "https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4" "cve" => null "affectedVersions" => ">=2.0.0,<2.0.19|>=2.1.0,<2.1.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2012-11-29 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-vfm6-r2gc-pwww" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/2012-11-29.yaml" ] ] ] [ "advisoryId" => "PKSA-msdq-r83n-tdy4" "packageName" => "symfony/http-foundation" "remoteId" => "symfony/http-foundation/CVE-2012-6431.yaml" "title" => "Routes behind a firewall are accessible even when not logged in" "link" => "https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released" "cve" => "CVE-2012-6431" "affectedVersions" => ">=2.0.0,<2.0.19" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2012-03-19 15:59:52" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-83c3-qx27-2rwr" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-foundation/CVE-2012-6431.yaml" ] ] ] ] "symfony/http-kernel" => [ [ "advisoryId" => "PKSA-dw7n-x7f5-zf63" "packageName" => "symfony/http-kernel" "remoteId" => "symfony/http-kernel/CVE-2026-45075.yaml" "title" => "CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]" "link" => "https://symfony.com/cve-2026-45075" "cve" => "CVE-2026-45075" "affectedVersions" => ">=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6439-2f28-8p8q" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-kernel/CVE-2026-45075.yaml" ] ] ] [ "advisoryId" => "PKSA-hr4y-jwk2-1yb9" "packageName" => "symfony/http-kernel" "remoteId" => "symfony/http-kernel/CVE-2022-24894.yaml" "title" => "CVE-2022-24894: Prevent storing cookie headers in HttpCache" "link" => "https://symfony.com/cve-2022-24894" "cve" => "CVE-2022-24894" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2.0,<6.2.6" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2023-02-01 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-h7vf-5wrv-9fhv" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-kernel/CVE-2022-24894.yaml" ] ] ] [ "advisoryId" => "PKSA-ftqt-8gzv-r53t" "packageName" => "symfony/http-kernel" "remoteId" => "symfony/http-kernel/CVE-2021-41267.yaml" "title" => "CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request" "link" => "https://symfony.com/cve-2021-41267" "cve" => "CVE-2021-41267" "affectedVersions" => ">=5.2.0,<5.3.0|>=5.3.0,<5.3.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-10-09 12:10:44" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-q3j3-w37x-hq2q" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-kernel/CVE-2021-41267.yaml" ] ] ] [ "advisoryId" => "PKSA-8knv-7jsn-12w8" "packageName" => "symfony/http-kernel" "remoteId" => "symfony/http-kernel/CVE-2020-15094.yaml" "title" => "CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient" "link" => "https://symfony.com/cve-2020-15094" "cve" => "CVE-2020-15094" "affectedVersions" => ">=4.3.0,<4.4.0|>=4.4.0,<4.4.13|>=5.0.0,<5.1.0|>=5.1.0,<5.1.5" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2020-09-02 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-754h-5r27-7x3r" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-kernel/CVE-2020-15094.yaml" ] ] ] [ "advisoryId" => "PKSA-sn9k-4yr8-6s9c" "packageName" => "symfony/http-kernel" "remoteId" => "symfony/http-kernel/CVE-2019-18887.yaml" "title" => "CVE-2019-18887: Use constant time comparison in UriSigner" "link" => "https://symfony.com/cve-2019-18887" "cve" => "CVE-2019-18887" "affectedVersions" => ">=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<2.8.52|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-11-13 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-q8hg-pf8v-cxrv" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-kernel/CVE-2019-18887.yaml" ] ] ] [ "advisoryId" => "PKSA-35ts-w5by-rx5d" "packageName" => "symfony/http-kernel" "remoteId" => "symfony/http-kernel/CVE-2015-4050.yaml" "title" => "CVE-2015-4050: ESI unauthorized access" "link" => "https://symfony.com/cve-2015-4050" "cve" => "CVE-2015-4050" "affectedVersions" => ">=2.3.19,<2.3.29|>=2.4.9,<2.5.0|>=2.5.4,<2.5.12|>=2.6.0,<2.6.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2015-05-26 23:55:51" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qmqw-mpqp-mr54" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-kernel/CVE-2015-4050.yaml" ] ] ] [ "advisoryId" => "PKSA-15jn-wzq4-94pw" "packageName" => "symfony/http-kernel" "remoteId" => "symfony/http-kernel/CVE-2015-2308.yaml" "title" => "Esi Code Injection" "link" => "https://symfony.com/cve-2015-2308" "cve" => "CVE-2015-2308" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2015-04-01 18:55:26" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-5c58-w9xc-qcj9" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-kernel/CVE-2015-2308.yaml" ] ] ] [ "advisoryId" => "PKSA-6dsk-crym-v443" "packageName" => "symfony/http-kernel" "remoteId" => "symfony/http-kernel/CVE-2014-5245.yaml" "title" => "Direct access of ESI URLs behind a trusted proxy" "link" => "https://symfony.com/cve-2014-5245" "cve" => "CVE-2014-5245" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2014-09-03 07:40:02" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-wvjv-p5rr-mmqm" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/http-kernel/CVE-2014-5245.yaml" ] ] ] ] "symfony/intl" => [ [ "advisoryId" => "PKSA-rp6j-7m48-zr61" "packageName" => "symfony/intl" "remoteId" => "symfony/intl/CVE-2017-16654.yaml" "title" => "CVE-2017-16654: Intl bundle readers breaking out of paths" "link" => "https://symfony.com/cve-2017-16654" "cve" => "CVE-2017-16654" "affectedVersions" => ">=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2017-11-16 15:15:44" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-c49r-8gj6-768r" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/intl/CVE-2017-16654.yaml" ] ] ] ] "symfony/mailer" => [ [ "advisoryId" => "PKSA-28rh-rzzn-djk4" "packageName" => "symfony/mailer" "remoteId" => "symfony/mailer/CVE-2026-45068.yaml" "title" => "CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address" "link" => "https://symfony.com/cve-2026-45068" "cve" => "CVE-2026-45068" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-xx3c-qf5g-hc39" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/mailer/CVE-2026-45068.yaml" ] ] ] ] "symfony/mime" => [ [ "advisoryId" => "PKSA-wtxr-p26d-nn42" "packageName" => "symfony/mime" "remoteId" => "symfony/mime/CVE-2026-45070.yaml" "title" => "CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names" "link" => "https://symfony.com/cve-2026-45070" "cve" => "CVE-2026-45070" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-vqc8-7275-q272" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/mime/CVE-2026-45070.yaml" ] ] ] [ "advisoryId" => "PKSA-2n2k-66v2-bwg3" "packageName" => "symfony/mime" "remoteId" => "symfony/mime/CVE-2026-45067.yaml" "title" => "CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address" "link" => "https://symfony.com/cve-2026-45067" "cve" => "CVE-2026-45067" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qpmx-3rfj-7rhv" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/mime/CVE-2026-45067.yaml" ] ] ] [ "advisoryId" => "PKSA-7y15-t1fp-w94f" "packageName" => "symfony/mime" "remoteId" => "symfony/mime/CVE-2019-18888.yaml" "title" => "CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser" "link" => "https://symfony.com/cve-2019-18888" "cve" => "CVE-2019-18888" "affectedVersions" => ">=4.3.0,<4.3.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-11-13 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-xhh6-956q-4q69" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/mime/CVE-2019-18888.yaml" ] ] ] ] "symfony/monolog-bridge" => [ [ "advisoryId" => "PKSA-4wjj-gy1p-ft3r" "packageName" => "symfony/monolog-bridge" "remoteId" => "symfony/monolog-bridge/CVE-2026-45077.yaml" "title" => "CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener" "link" => "https://symfony.com/cve-2026-45077" "cve" => "CVE-2026-45077" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-m7v2-7gxm-vc2v" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/monolog-bridge/CVE-2026-45077.yaml" ] ] ] ] "symfony/process" => [ [ "advisoryId" => "PKSA-rkkf-636k-qjb3" "packageName" => "symfony/process" "remoteId" => "GHSA-r39x-jcww-82v6" "title" => "Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows" "link" => "https://github.com/advisories/GHSA-r39x-jcww-82v6" "cve" => "CVE-2026-24739" "affectedVersions" => ">=8.0,<8.0.5|>=7.4,<7.4.5|>=7.3,<7.3.11|>=6.4,<6.4.33|<5.4.51" "source" => "GitHub" "reportedAt" => "2026-01-28 21:28:10" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-r39x-jcww-82v6" ] ] ] [ "advisoryId" => "PKSA-wws7-mr54-jsny" "packageName" => "symfony/process" "remoteId" => "symfony/process/CVE-2024-51736.yaml" "title" => "CVE-2024-51736: Command execution hijack on Windows with Process class" "link" => "https://symfony.com/cve-2024-51736" "cve" => "CVE-2024-51736" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-11-05 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qq5c-677p-737q" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/process/CVE-2024-51736.yaml" ] ] ] ] "symfony/proxy-manager-bridge" => [ [ "advisoryId" => "PKSA-hxyb-xpnq-t8vg" "packageName" => "symfony/proxy-manager-bridge" "remoteId" => "symfony/proxy-manager-bridge/CVE-2019-10910.yaml" "title" => "CVE-2019-10910: Check service IDs are valid" "link" => "https://symfony.com/cve-2019-10910" "cve" => "CVE-2019-10910" "affectedVersions" => ">=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-04-16 12:48:27" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-pgwj-prpq-jpc2" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/proxy-manager-bridge/CVE-2019-10910.yaml" ] ] ] ] "symfony/http-client-contracts" => [] "symfony/lock" => [] "symfony/messenger" => [] "symfony/monolog-bundle" => [] "symfony/options-resolver" => [] "symfony/password-hasher" => [] "symfony/polyfill-php83" => [] "symfony/polyfill-php84" => [] "symfony/polyfill-php85" => [] "symfony/property-access" => [] "symfony/property-info" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "symfony/psr-http-message-bridge" "symfony/rate-limiter" "symfony/routing" "symfony/runtime" "symfony/scheduler" "symfony/security-core" "symfony/serializer" "symfony/service-contracts" "symfony/stopwatch" "symfony/string" "symfony/translation" "symfony/translation-contracts" "symfony/twig-bridge" "symfony/twig-bundle" "symfony/type-info" "symfony/validator" "symfony/var-dumper" "symfony/var-exporter" "symfony/web-profiler-bundle" "symfony/yaml" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 796 "total_time" => 0.039525 "pretransfer_time" => 0.000112 "size_download" => 4258.0 "speed_download" => 107729.0 "starttransfer_time" => 0.039055 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 112 "starttransfer_time_us" => 39055 "posttransfer_time_us" => 111 "total_time_us" => 39525 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.4063 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=symfony/psr-http-message-bridge&packages[1]=symfony/rate-limiter&packages[2]=symfony/routing&packages[3]=symfony/runtime&packages[4]=symfony/scheduler&packages[5]=symfony/security-core&packages[6]=symfony/serializer&packages[7]=symfony/service-contracts&packages[8]=symfony/stopwatch&packages[9]=symfony/string&packages[10]=symfony/translation&packages[11]=symfony/translation-contracts&packages[12]=symfony/twig-bridge&packages[13]=symfony/twig-bundle&packages[14]=symfony/type-info&packages[15]=symfony/validator&packages[16]=symfony/var-dumper&packages[17]=symfony/var-exporter&packages[18]=symfony/web-profiler-bundle&packages[19]=symfony/yaml" "pause_handler" => Closure(float $duration) {#1598 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1578 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775776 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [17] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=symfony/psr-http-message-bridge&packages[1]=symfony/rate-limiter&packages[2]=symfony/routing&packages[3]=symfony/runtime&packages[4]=symfony/scheduler&packages[5]=symfony/security-core&packages[6]=symfony/serializer&packages[7]=symfony/service-contracts&packages[8]=symfony/stopwatch&packages[9]=symfony/string&packages[10]=symfony/translation&packages[11]=symfony/translation-contracts&packages[12]=symfony/twig-bridge&packages[13]=symfony/twig-bundle&packages[14]=symfony/type-info&packages[15]=symfony/validator&packages[16]=symfony/var-dumper&packages[17]=symfony/var-exporter&packages[18]=symfony/web-profiler-bundle&packages[19]=symfony/yaml\n * [HTTP/2] [17] [:method: GET]\n * [HTTP/2] [17] [:scheme: https]\n * [HTTP/2] [17] [:authority: packagist.org]\n * [HTTP/2] [17] [:path: /api/security-advisories/?packages[0]=symfony/psr-http-message-bridge&packages[1]=symfony/rate-limiter&packages[2]=symfony/routing&packages[3]=symfony/runtime&packages[4]=symfony/scheduler&packages[5]=symfony/security-core&packages[6]=symfony/serializer&packages[7]=symfony/service-contracts&packages[8]=symfony/stopwatch&packages[9]=symfony/string&packages[10]=symfony/translation&packages[11]=symfony/translation-contracts&packages[12]=symfony/twig-bridge&packages[13]=symfony/twig-bundle&packages[14]=symfony/type-info&packages[15]=symfony/validator&packages[16]=symfony/var-dumper&packages[17]=symfony/var-exporter&packages[18]=symfony/web-profiler-bundle&packages[19]=symfony/yaml]\n * [HTTP/2] [17] [accept: */*]\n * [HTTP/2] [17] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [17] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=symfony/psr-http-message-bridge&packages[1]=symfony/rate-limiter&packages[2]=symfony/routing&packages[3]=symfony/runtime&packages[4]=symfony/scheduler&packages[5]=symfony/security-core&packages[6]=symfony/serializer&packages[7]=symfony/service-contracts&packages[8]=symfony/stopwatch&packages[9]=symfony/string&packages[10]=symfony/translation&packages[11]=symfony/translation-contracts&packages[12]=symfony/twig-bridge&packages[13]=symfony/twig-bundle&packages[14]=symfony/type-info&packages[15]=symfony/validator&packages[16]=symfony/var-dumper&packages[17]=symfony/var-exporter&packages[18]=symfony/web-profiler-bundle&packages[19]=symfony/yaml HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1078\r\n < cdn-requestid: 64889cf4b1c5dbda683992ba0b9991f3\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=symfony/psr-http-message-bridge&packages[1]=symfony/rate-limiter&packages[2]=symfony/routing&packages[3]=symfony/runtime&packages[4]=symfony/scheduler&packages[5]=symfony/security-core&packages[6]=symfony/serializer&packages[7]=symfony/service-contracts&packages[8]=symfony/stopwatch&packages[9]=symfony/string&packages[10]=symfony/translation&packages[11]=symfony/translation-contracts&packages[12]=symfony/twig-bridge&packages[13]=symfony/twig-bundle&packages[14]=symfony/type-info&packages[15]=symfony/validator&packages[16]=symfony/var-dumper&packages[17]=symfony/var-exporter&packages[18]=symfony/web-profiler-bundle&packages[19]=symfony/yaml" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1078" "cdn-requestid: 64889cf4b1c5dbda683992ba0b9991f3" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "symfony/routing" => [ [ "advisoryId" => "PKSA-bf7t-jnpz-492k" "packageName" => "symfony/routing" "remoteId" => "symfony/routing/CVE-2026-48784.yaml" "title" => "CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization" "link" => "https://symfony.com/cve-2026-48784" "cve" => "CVE-2026-48784" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.53|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-26 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-h5x3-xfc9-m39h" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/routing/CVE-2026-48784.yaml" ] ] ] [ "advisoryId" => "PKSA-yc7t-91v9-99xs" "packageName" => "symfony/routing" "remoteId" => "symfony/routing/CVE-2026-45065.yaml" "title" => "CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection" "link" => "https://symfony.com/cve-2026-45065" "cve" => "CVE-2026-45065" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-72xp-p242-47p9" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/routing/CVE-2026-45065.yaml" ] ] ] [ "advisoryId" => "PKSA-g1jq-pppn-wyhk" "packageName" => "symfony/routing" "remoteId" => "symfony/routing/2012-08-28.yaml" "title" => "Security fixes related to the way XML is handled" "link" => "https://symfony.com/blog/security-release-symfony-2-0-17-released" "cve" => null "affectedVersions" => ">=2.0.0,<2.0.17" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2012-08-28 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-rjpm-qmq7-q85w" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/routing/2012-08-28.yaml" ] ] ] [ "advisoryId" => "PKSA-p71j-52x5-sfs1" "packageName" => "symfony/routing" "remoteId" => "symfony/routing/CVE-2012-6431.yaml" "title" => "Routes behind a firewall are accessible even when not logged in" "link" => "https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released" "cve" => "CVE-2012-6431" "affectedVersions" => ">=2.0.0,<2.0.19" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2012-03-19 15:59:52" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-83c3-qx27-2rwr" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/routing/CVE-2012-6431.yaml" ] ] ] ] "symfony/runtime" => [ [ "advisoryId" => "PKSA-xf5h-y6vg-qj98" "packageName" => "symfony/runtime" "remoteId" => "GHSA-fqc7-9xjw-jrh3" "title" => "SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch" "link" => "https://github.com/advisories/GHSA-fqc7-9xjw-jrh3" "cve" => "CVE-2026-47767" "affectedVersions" => ">=8.0.0,<8.0.12|>=7.1.7,<7.4.12|>=6.4.14,<6.4.40|>=5.4.46,<5.4.52" "source" => "GitHub" "reportedAt" => "2026-06-09 21:58:11" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-fqc7-9xjw-jrh3" ] ] ] [ "advisoryId" => "PKSA-py8y-z9q7-q197" "packageName" => "symfony/runtime" "remoteId" => "symfony/runtime/CVE-2026-46626.yaml" "title" => "CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch" "link" => "https://symfony.com/cve-2026-46626" "cve" => "CVE-2026-46626" "affectedVersions" => ">=5.4.46,<5.4.52|>=6.4.14,<6.4.40|>=7.1.7,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => null "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/runtime/CVE-2026-46626.yaml" ] ] ] [ "advisoryId" => "PKSA-d1rr-z8zb-qnm7" "packageName" => "symfony/runtime" "remoteId" => "symfony/runtime/CVE-2024-50340.yaml" "title" => "CVE-2024-50340: Ability to change environment from query" "link" => "https://symfony.com/cve-2024-50340" "cve" => "CVE-2024-50340" "affectedVersions" => ">=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-11-05 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-x8vp-gf4q-mw5j" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/runtime/CVE-2024-50340.yaml" ] ] ] ] "symfony/security-core" => [ [ "advisoryId" => "PKSA-jjrg-2n5t-nkkj" "packageName" => "symfony/security-core" "remoteId" => "symfony/security-core/CVE-2021-21424.yaml" "title" => "CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms" "link" => "https://symfony.com/cve-2021-21424" "cve" => "CVE-2021-21424" "affectedVersions" => ">=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.49|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.24|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.9" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-05-12 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-5pv8-ppvj-4h68" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/security-core/CVE-2021-21424.yaml" ] ] ] [ "advisoryId" => "PKSA-4v2q-7qd7-pgw2" "packageName" => "symfony/security-core" "remoteId" => "symfony/security-core/CVE-2018-11407.yaml" "title" => "CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password" "link" => "https://symfony.com/cve-2018-11407" "cve" => "CVE-2018-11407" "affectedVersions" => ">=2.8.0,<2.8.37|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.7|>=4.0.0,<4.0.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2018-05-25 12:12:59" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-35c5-28pg-2qg4" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/security-core/CVE-2018-11407.yaml" ] ] ] [ "advisoryId" => "PKSA-2672-j1r9-dm6x" "packageName" => "symfony/security-core" "remoteId" => "symfony/security-core/CVE-2017-11365.yaml" "title" => "CVE-2017-11365: Empty passwords validation issue" "link" => "https://symfony.com/cve-2017-11365" "cve" => "CVE-2017-11365" "affectedVersions" => ">=2.7.30,<2.7.32|>=2.8.23,<2.8.25|>=3.2.10,<3.2.12|>=3.3.3,<3.3.5" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2017-07-17 10:54:11" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-q87v-q8fw-gmj5" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/security-core/CVE-2017-11365.yaml" ] ] ] [ "advisoryId" => "PKSA-nz2g-y52j-n79q" "packageName" => "symfony/security-core" "remoteId" => "symfony/security-core/CVE-2016-2403.yaml" "title" => "CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password" "link" => "https://symfony.com/cve-2016-2403" "cve" => "CVE-2016-2403" "affectedVersions" => ">=2.8.0,<2.8.6|>=3.0.0,<3.0.6" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2016-05-09 21:34:47" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-wvj5-r78r-hhfq" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/security-core/CVE-2016-2403.yaml" ] ] ] [ "advisoryId" => "PKSA-cdq8-87w8-19rq" "packageName" => "symfony/security-core" "remoteId" => "symfony/security-core/CVE-2016-1902.yaml" "title" => "CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails " "link" => "https://symfony.com/cve-2016-1902" "cve" => "CVE-2016-1902" "affectedVersions" => ">=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.13|>=2.7.0,<2.7.9" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2016-01-14 09:48:01" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-jjx5-fq5g-8xpc" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/security-core/CVE-2016-1902.yaml" ] ] ] ] "symfony/serializer" => [ [ "advisoryId" => "PKSA-s1hc-69wj-fhpp" "packageName" => "symfony/serializer" "remoteId" => "symfony/serializer/CVE-2021-41270.yaml" "title" => "CVE-2021-41270: Prevent CSV Injection via formulas" "link" => "https://symfony.com/cve-2021-41270" "cve" => "CVE-2021-41270" "affectedVersions" => ">=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.35|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.3.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2021-11-15 10:47:04" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-2xhg-w2g5-w95x" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/serializer/CVE-2021-41270.yaml" ] ] ] [ "advisoryId" => "PKSA-ft85-yyfg-zynf" "packageName" => "symfony/serializer" "remoteId" => "symfony/serializer/2012-02-24.yaml" "title" => "XML decoding attack vector through external entities" "link" => "https://symfony.com/blog/security-release-symfony-2-0-11-released" "cve" => null "affectedVersions" => ">=2.0.0,<2.0.11" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2012-02-24 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-j68w-pg49-f6vx" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/serializer/2012-02-24.yaml" ] ] ] ] "symfony/translation" => [ [ "advisoryId" => "PKSA-9dxk-2dxf-2khq" "packageName" => "symfony/translation" "remoteId" => "symfony/translation/2012-08-28.yaml" "title" => "Security fixes related to the way XML is handled" "link" => "https://symfony.com/blog/security-release-symfony-2-0-17-released" "cve" => null "affectedVersions" => ">=2.0.0,<2.0.17" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2012-08-28 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-f75p-x5vm-83qp" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/translation/2012-08-28.yaml" ] ] ] ] "symfony/twig-bridge" => [ [ "advisoryId" => "PKSA-11dz-rdmf-vfgt" "packageName" => "symfony/twig-bridge" "remoteId" => "symfony/twig-bridge/CVE-2026-45072.yaml" "title" => "CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering" "link" => "https://symfony.com/cve-2026-45072" "cve" => "CVE-2026-45072" "affectedVersions" => ">=6.4.24,<6.4.40" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-hmr5-2xcr-v8pp" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/twig-bridge/CVE-2026-45072.yaml" ] ] ] [ "advisoryId" => "PKSA-ztgh-x9c8-k66g" "packageName" => "symfony/twig-bridge" "remoteId" => "symfony/twig-bridge/CVE-2023-46734.yaml" "title" => "CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters" "link" => "https://symfony.com/cve-2023-46734" "cve" => "CVE-2023-46734" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.51|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.31|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.3.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2023-11-10 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-q847-2q57-wmr3" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/twig-bridge/CVE-2023-46734.yaml" ] ] ] ] "symfony/validator" => [ [ "advisoryId" => "PKSA-w2tw-kmfg-rt9s" "packageName" => "symfony/validator" "remoteId" => "symfony/validator/CVE-2024-50343.yaml" "title" => """ CVE-2024-50343: Incorrect response from Validator when input ends with `\n ` """ "link" => "https://symfony.com/cve-2024-50343" "cve" => "CVE-2024-50343" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.43|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.11|>=7.0.0,<7.1.0|>=7.1.0,<7.1.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-08-30 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-g3rh-rrhp-jhh9" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/validator/CVE-2024-50343.yaml" ] ] ] [ "advisoryId" => "PKSA-kd6c-vk25-4qyx" "packageName" => "symfony/validator" "remoteId" => "symfony/validator/CVE-2013-4751.yaml" "title" => "Validation metadata serialization and loss of information" "link" => "https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released" "cve" => "CVE-2013-4751" "affectedVersions" => ">=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2013-08-17 07:55:32" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-q8j7-fjh7-25v5" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/validator/CVE-2013-4751.yaml" ] ] ] [ "advisoryId" => "PKSA-7bh2-7tsx-64wj" "packageName" => "symfony/validator" "remoteId" => "symfony/validator/2012-08-28.yaml" "title" => "Security fixes related to the way XML is handled" "link" => "https://symfony.com/blog/security-release-symfony-2-0-17-released" "cve" => null "affectedVersions" => ">=2.0.0,<2.0.17" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2012-08-28 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-4vf2-qfg3-7598" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/validator/2012-08-28.yaml" ] ] ] ] "symfony/var-exporter" => [ [ "advisoryId" => "PKSA-qdcz-9b22-7g4s" "packageName" => "symfony/var-exporter" "remoteId" => "symfony/var-exporter/CVE-2019-11325.yaml" "title" => "CVE-2019-11325: Fix escaping of strings in VarExporter" "link" => "https://symfony.com/cve-2019-11325" "cve" => "CVE-2019-11325" "affectedVersions" => ">=4.2.0,<4.2.12|>=4.3.0,<4.3.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-11-13 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-w4rc-rx25-8m86" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/var-exporter/CVE-2019-11325.yaml" ] ] ] ] "symfony/web-profiler-bundle" => [ [ "advisoryId" => "PKSA-rg9h-crk2-m8zt" "packageName" => "symfony/web-profiler-bundle" "remoteId" => "symfony/web-profiler-bundle/CVE-2026-45072.yaml" "title" => "CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering" "link" => "https://symfony.com/cve-2026-45072" "cve" => "CVE-2026-45072" "affectedVersions" => ">=7.2.9,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-hmr5-2xcr-v8pp" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/web-profiler-bundle/CVE-2026-45072.yaml" ] ] ] [ "advisoryId" => "PKSA-6thw-45qq-kvhy" "packageName" => "symfony/web-profiler-bundle" "remoteId" => "symfony/web-profiler-bundle/CVE-2014-6072.yaml" "title" => "CSRF vulnerability in the Web Profiler" "link" => "https://symfony.com/cve-2014-6072" "cve" => "CVE-2014-6072" "affectedVersions" => ">=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2014-09-03 07:40:30" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-v35g-4rrw-h4fw" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/web-profiler-bundle/CVE-2014-6072.yaml" ] ] ] ] "symfony/yaml" => [ [ "advisoryId" => "PKSA-v5yj-8nmz-sk2q" "packageName" => "symfony/yaml" "remoteId" => "symfony/yaml/CVE-2026-45304.yaml" "title" => "CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")" "link" => "https://symfony.com/cve-2026-45304" "cve" => "CVE-2026-45304" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-4qpc-3hr4-r2p4" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/yaml/CVE-2026-45304.yaml" ] ] ] [ "advisoryId" => "PKSA-ft77-7h5f-p3r6" "packageName" => "symfony/yaml" "remoteId" => "symfony/yaml/CVE-2026-45305.yaml" "title" => "CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex" "link" => "https://symfony.com/cve-2026-45305" "cve" => "CVE-2026-45305" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-9frc-8383-795m" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/yaml/CVE-2026-45305.yaml" ] ] ] [ "advisoryId" => "PKSA-b14r-zh1d-vdrc" "packageName" => "symfony/yaml" "remoteId" => "symfony/yaml/CVE-2026-45133.yaml" "title" => "CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings" "link" => "https://symfony.com/cve-2026-45133" "cve" => "CVE-2026-45133" "affectedVersions" => ">=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-c2p3-7m5p-cv8x" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/yaml/CVE-2026-45133.yaml" ] ] ] [ "advisoryId" => "PKSA-xxgb-wq2d-7gpg" "packageName" => "symfony/yaml" "remoteId" => "symfony/yaml/CVE-2013-1397.yaml" "title" => "Ability to enable/disable object support in YAML parsing and dumping" "link" => "https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released" "cve" => "CVE-2013-1397" "affectedVersions" => ">=2.0.0,<2.0.22|>=2.1.0,<2.1.7" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2013-01-15 21:21:51" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7w53-hfpw-rg3g" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/yaml/CVE-2013-1397.yaml" ] ] ] [ "advisoryId" => "PKSA-4y51-dgkc-x4zc" "packageName" => "symfony/yaml" "remoteId" => "symfony/yaml/CVE-2013-1348.yaml" "title" => "Ability to enable/disable PHP parsing in Yaml::parse()" "link" => "https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released" "cve" => "CVE-2013-1348" "affectedVersions" => ">=2.0.0,<2.0.22" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2013-01-15 21:16:19" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-2r5h-6r7v-5m7c" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "symfony/yaml/CVE-2013-1348.yaml" ] ] ] ] "symfony/psr-http-message-bridge" => [] "symfony/rate-limiter" => [] "symfony/scheduler" => [] "symfony/service-contracts" => [] "symfony/stopwatch" => [] "symfony/string" => [] "symfony/translation-contracts" => [] "symfony/twig-bundle" => [] "symfony/type-info" => [] "symfony/var-dumper" => [] ] ] ] |
|
| GET | https://packagist.org/api/security-advisories/ | |
|---|---|---|
| Request options | [ "query" => [ "packages" => [ "tecnickcom/tcpdf" "thecodingmachine/safe" "theseer/tokenizer" "twig/intl-extra" "twig/string-extra" "twig/twig" "zircote/swagger-php" ] ] "timeout" => 15 ] |
|
| Response |
200
[ "info" => [ "header_size" => 1444 "request_size" => 341 "total_time" => 0.034236 "pretransfer_time" => 0.000101 "size_download" => 4155.0 "speed_download" => 121363.0 "starttransfer_time" => 0.033384 "primary_ip" => "169.150.247.35" "primary_port" => 443 "local_ip" => "45.152.250.86" "local_port" => 16816 "http_version" => 3 "protocol" => 2 "scheme" => "https" "pretransfer_time_us" => 101 "starttransfer_time_us" => 33384 "posttransfer_time_us" => 101 "total_time_us" => 34236 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.4491 "original_url" => "https://packagist.org/api/security-advisories/?packages[0]=tecnickcom/tcpdf&packages[1]=thecodingmachine/safe&packages[2]=theseer/tokenizer&packages[3]=twig/intl-extra&packages[4]=twig/string-extra&packages[5]=twig/twig&packages[6]=zircote/swagger-php" "pause_handler" => Closure(float $duration) {#1622 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1582 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775773 } } "debug" => """ * Reusing existing https: connection with host packagist.org\n * [HTTP/2] [19] OPENED stream for https://packagist.org/api/security-advisories/?packages[0]=tecnickcom/tcpdf&packages[1]=thecodingmachine/safe&packages[2]=theseer/tokenizer&packages[3]=twig/intl-extra&packages[4]=twig/string-extra&packages[5]=twig/twig&packages[6]=zircote/swagger-php\n * [HTTP/2] [19] [:method: GET]\n * [HTTP/2] [19] [:scheme: https]\n * [HTTP/2] [19] [:authority: packagist.org]\n * [HTTP/2] [19] [:path: /api/security-advisories/?packages[0]=tecnickcom/tcpdf&packages[1]=thecodingmachine/safe&packages[2]=theseer/tokenizer&packages[3]=twig/intl-extra&packages[4]=twig/string-extra&packages[5]=twig/twig&packages[6]=zircote/swagger-php]\n * [HTTP/2] [19] [accept: */*]\n * [HTTP/2] [19] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [19] [accept-encoding: gzip]\n > GET /api/security-advisories/?packages[0]=tecnickcom/tcpdf&packages[1]=thecodingmachine/safe&packages[2]=theseer/tokenizer&packages[3]=twig/intl-extra&packages[4]=twig/string-extra&packages[5]=twig/twig&packages[6]=zircote/swagger-php HTTP/2\r\n Host: packagist.org\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < content-type: application/json\r\n < vary: Accept-Encoding\r\n < server: BunnyCDN-DE1-1078\r\n < cdn-pullzone: 3535225\r\n < cdn-requestcountrycode: NL\r\n < cache-control: max-age=0, must-revalidate, private\r\n < expires: Wed, 17 Jun 2026 18:16:30 GMT\r\n < strict-transport-security: max-age=31104000\r\n < x-frame-options: DENY\r\n < content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'\r\n < x-xss-protection: 1; mode=block\r\n < referrer-policy: strict-origin-when-cross-origin\r\n < x-content-type-options: nosniff\r\n < cdn-proxyver: 1.57\r\n < cdn-requestpullsuccess: True\r\n < cdn-requestpullcode: 200\r\n < cdn-cachedat: 06/17/2026 18:16:30\r\n < cdn-edgestorageid: 1047\r\n < cdn-requestid: ef82a01a30036b455f58751a11aacdbf\r\n < cdn-cache: MISS\r\n < cdn-status: 200\r\n < cdn-requesttime: 0\r\n < content-encoding: gzip\r\n < \r\n """ ] "url" => "https://packagist.org/api/security-advisories/?packages[0]=tecnickcom/tcpdf&packages[1]=thecodingmachine/safe&packages[2]=theseer/tokenizer&packages[3]=twig/intl-extra&packages[4]=twig/string-extra&packages[5]=twig/twig&packages[6]=zircote/swagger-php" "response_headers" => [ "HTTP/2 200 " "date: Wed, 17 Jun 2026 18:16:30 GMT" "content-type: application/json" "vary: Accept-Encoding" "server: BunnyCDN-DE1-1078" "cdn-pullzone: 3535225" "cdn-requestcountrycode: NL" "cache-control: max-age=0, must-revalidate, private" "expires: Wed, 17 Jun 2026 18:16:30 GMT" "strict-transport-security: max-age=31104000" "x-frame-options: DENY" "content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-content-security-policy: default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic'; style-src 'self' 'unsafe-inline'" "x-xss-protection: 1; mode=block" "referrer-policy: strict-origin-when-cross-origin" "x-content-type-options: nosniff" "cdn-proxyver: 1.57" "cdn-requestpullsuccess: True" "cdn-requestpullcode: 200" "cdn-cachedat: 06/17/2026 18:16:30" "cdn-edgestorageid: 1047" "cdn-requestid: ef82a01a30036b455f58751a11aacdbf" "cdn-cache: MISS" "cdn-status: 200" "cdn-requesttime: 0" "content-encoding: gzip" ] "response_json" => [ "advisories" => [ "tecnickcom/tcpdf" => [ [ "advisoryId" => "PKSA-wb9y-hg45-chz4" "packageName" => "tecnickcom/tcpdf" "remoteId" => "GHSA-w95c-7994-ghpr" "title" => "TCPDF has incorrect comparison" "link" => "https://github.com/advisories/GHSA-w95c-7994-ghpr" "cve" => "CVE-2024-56522" "affectedVersions" => "<6.8.0" "source" => "GitHub" "reportedAt" => "2024-12-27 06:30:48" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-w95c-7994-ghpr" ] ] ] [ "advisoryId" => "PKSA-ys59-hzk7-wxt5" "packageName" => "tecnickcom/tcpdf" "remoteId" => "GHSA-qx95-cwh6-9mvq" "title" => "TCPDF missing character escape on error messages" "link" => "https://github.com/advisories/GHSA-qx95-cwh6-9mvq" "cve" => "CVE-2024-56527" "affectedVersions" => "<6.8.0" "source" => "GitHub" "reportedAt" => "2024-12-27 06:30:48" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-qx95-cwh6-9mvq" ] ] ] [ "advisoryId" => "PKSA-tdkc-7xrw-d14c" "packageName" => "tecnickcom/tcpdf" "remoteId" => "GHSA-4p8j-vhjm-6pvw" "title" => "TCPDF lacks SVG sanitization" "link" => "https://github.com/advisories/GHSA-4p8j-vhjm-6pvw" "cve" => "CVE-2024-56519" "affectedVersions" => "<6.8.0" "source" => "GitHub" "reportedAt" => "2024-12-27 06:30:47" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-4p8j-vhjm-6pvw" ] ] ] [ "advisoryId" => "PKSA-98jj-zbnk-dgwp" "packageName" => "tecnickcom/tcpdf" "remoteId" => "GHSA-9mgx-552f-59p6" "title" => "TCPDF missing certificate validation" "link" => "https://github.com/advisories/GHSA-9mgx-552f-59p6" "cve" => "CVE-2024-56521" "affectedVersions" => "<6.8.0" "source" => "GitHub" "reportedAt" => "2024-12-27 06:30:47" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-9mgx-552f-59p6" ] ] ] [ "advisoryId" => "PKSA-62dz-rc7r-pb8r" "packageName" => "tecnickcom/tcpdf" "remoteId" => "GHSA-rmv2-8jjc-23xw" "title" => "TCPDF Local File Inclusion vulnerability" "link" => "https://github.com/advisories/GHSA-rmv2-8jjc-23xw" "cve" => "CVE-2024-51058" "affectedVersions" => "<=6.7.5" "source" => "GitHub" "reportedAt" => "2024-11-26 18:38:52" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-rmv2-8jjc-23xw" ] ] ] [ "advisoryId" => "PKSA-jwjn-w3mx-tq38" "packageName" => "tecnickcom/tcpdf" "remoteId" => "GHSA-mx3p-fhpw-x6rv" "title" => "TCPDF vulnerable to Regular Expression Denial of Service" "link" => "https://github.com/advisories/GHSA-mx3p-fhpw-x6rv" "cve" => "CVE-2024-22640" "affectedVersions" => "<=6.7.4" "source" => "GitHub" "reportedAt" => "2024-04-19 18:31:11" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-mx3p-fhpw-x6rv" ] ] ] [ "advisoryId" => "PKSA-d3g2-dzgm-n74r" "packageName" => "tecnickcom/tcpdf" "remoteId" => "GHSA-g9wg-98c2-qv3v" "title" => "TCPDF Cross-site Scripting vulnerability" "link" => "https://github.com/advisories/GHSA-g9wg-98c2-qv3v" "cve" => "CVE-2024-32489" "affectedVersions" => "<6.7.4" "source" => "GitHub" "reportedAt" => "2024-04-15 06:30:35" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-g9wg-98c2-qv3v" ] ] ] [ "advisoryId" => "PKSA-jvj8-gbfh-v875" "packageName" => "tecnickcom/tcpdf" "remoteId" => "tecnickcom/tcpdf/CVE-2018-17057.yaml" "title" => "Attackers can trigger deserialization of arbitrary data via the phar:// wrapper." "link" => "https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed" "cve" => "CVE-2018-17057" "affectedVersions" => "<6.2.22" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2018-09-14 15:26:29" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-5hw4-m7f3-hhx8" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "tecnickcom/tcpdf/CVE-2018-17057.yaml" ] ] ] ] "twig/intl-extra" => [ [ "advisoryId" => "PKSA-2rbx-bjdx-4d4d" "packageName" => "twig/intl-extra" "remoteId" => "twig/intl-extra/CVE-2026-46629.yaml" "title" => "Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments" "link" => "https://symfony.com/cve-2026-46629" "cve" => "CVE-2026-46629" "affectedVersions" => ">=2.12.0,<3.0.0|>=3.0.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-35wc-cvqg-78fp" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/intl-extra/CVE-2026-46629.yaml" ] ] ] ] "twig/twig" => [ [ "advisoryId" => "PKSA-fbvq-z33h-r2np" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-48808.yaml" "title" => "Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`" "link" => "https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface" "cve" => "CVE-2026-48808" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-27 15:00:00" "composerRepository" => "https://packagist.org" "severity" => null "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-48808.yaml" ] ] ] [ "advisoryId" => "PKSA-g9zw-qxh8-pq8w" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-48805.yaml" "title" => "Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`" "link" => "https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php" "cve" => "CVE-2026-48805" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-27 15:00:00" "composerRepository" => "https://packagist.org" "severity" => null "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-48805.yaml" ] ] ] [ "advisoryId" => "PKSA-yd6k-t2gh-1m43" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46636.yaml" "title" => "Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders" "link" => "https://symfony.com/blog/cve-2026-46636-sandbox-filter-tag-and-function-allow-list-bypass-when-sandbox-state-changes-between-renders" "cve" => "CVE-2026-46636" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-27 15:00:00" "composerRepository" => "https://packagist.org" "severity" => null "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46636.yaml" ] ] ] [ "advisoryId" => "PKSA-1tmc-rt7x-12w6" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-48806.yaml" "title" => "Sandbox `__toString()` policy bypass via dynamic mapping keys" "link" => "https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys" "cve" => "CVE-2026-48806" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-27 15:00:00" "composerRepository" => "https://packagist.org" "severity" => null "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-48806.yaml" ] ] ] [ "advisoryId" => "PKSA-xx6c-6d96-db2w" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-48807.yaml" "title" => "Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `in`/`not in` operators" "link" => "https://symfony.com/blog/cve-2026-48807-sandbox-tostring-policy-bypass-via-traversable-in-join-replace-and-in-not-in-operators" "cve" => "CVE-2026-48807" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-27 15:00:00" "composerRepository" => "https://packagist.org" "severity" => null "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-48807.yaml" ] ] ] [ "advisoryId" => "PKSA-5k7f-wvjj-jrgw" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46640.yaml" "title" => "Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation" "link" => "https://symfony.com/cve-2026-46640" "cve" => "CVE-2026-46640" "affectedVersions" => ">=3.15.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-45vw-wh46-2vx8" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46640.yaml" ] ] ] [ "advisoryId" => "PKSA-sjvz-tbbr-vwth" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46628.yaml" "title" => "The `spaceless` filter implicitly marks its output as safe" "link" => "https://symfony.com/cve-2026-46628" "cve" => "CVE-2026-46628" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-4j38-f5cw-54h7" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46628.yaml" ] ] ] [ "advisoryId" => "PKSA-h8hf-ytnd-5t9q" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46633.yaml" "title" => "PHP code injection via `{% use %}` template name" "link" => "https://symfony.com/cve-2026-46633" "cve" => "CVE-2026-46633" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "critical" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7p85-w9px-jpjp" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46633.yaml" ] ] ] [ "advisoryId" => "PKSA-wwb1-81rc-pd65" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-47730.yaml" "title" => "XSS in profiler HtmlDumper via unescaped template and profile names" "link" => "https://symfony.com/cve-2026-47730" "cve" => "CVE-2026-47730" "affectedVersions" => ">=3.0.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-2g2g-8p8h-fgwm" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-47730.yaml" ] ] ] [ "advisoryId" => "PKSA-hgmw-wn4d-hpcy" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46639.yaml" "title" => "Sandbox property and method bypass via object-destructuring assignment" "link" => "https://symfony.com/cve-2026-46639" "cve" => "CVE-2026-46639" "affectedVersions" => ">=3.24.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-mm6w-gr99-p3jj" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46639.yaml" ] ] ] [ "advisoryId" => "PKSA-kvv6-36cr-fkzb" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46627.yaml" "title" => "Sandbox does not protect against resource exhaustion" "link" => "https://symfony.com/cve-2026-46627" "cve" => "CVE-2026-46627" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => null "sources" => [ [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46627.yaml" ] ] ] [ "advisoryId" => "PKSA-n14z-jjjg-g8vd" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46635.yaml" "title" => "Sandbox property allowlist bypass via the `column` filter (array_column on objects)" "link" => "https://symfony.com/cve-2026-46635" "cve" => "CVE-2026-46635" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-vcc8-phrv-43wj" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46635.yaml" ] ] ] [ "advisoryId" => "PKSA-3mcc-k66d-pydb" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46638.yaml" "title" => "`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)" "link" => "https://symfony.com/cve-2026-46638" "cve" => "CVE-2026-46638" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7fxw-r6jv-74c8" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46638.yaml" ] ] ] [ "advisoryId" => "PKSA-gw7n-z4yx-7xjt" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-24425.yaml" "title" => "Possible sandbox bypass when using a source policy" "link" => "https://symfony.com/cve-2026-24425" "cve" => "CVE-2026-24425" "affectedVersions" => ">=2.16.0,<3.0.0|>=3.9.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-2q52-x2ff-qgfr" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-24425.yaml" ] ] ] [ "advisoryId" => "PKSA-dpx1-78wg-1kqs" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-47732.yaml" "title" => "Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points" "link" => "https://symfony.com/cve-2026-47732" "cve" => "CVE-2026-47732" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-pr2w-4gpj-cpq4" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-47732.yaml" ] ] ] [ "advisoryId" => "PKSA-21g2-dzjv-sky5" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2026-46634.yaml" "title" => "`template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name" "link" => "https://symfony.com/cve-2026-46634" "cve" => "CVE-2026-46634" "affectedVersions" => ">=3.9.0,<3.26.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2026-05-20 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-24x9-r6q4-q93w" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2026-46634.yaml" ] ] ] [ "advisoryId" => "PKSA-v3kg-5xkr-pykw" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2025-24374.yaml" "title" => "Missing output escaping for the null coalesce operator" "link" => "https://symfony.com/blog/twig-cve-2025-24374-missing-output-escaping-for-the-null-coalesce-operator" "cve" => "CVE-2025-24374" "affectedVersions" => ">=3.16.0,<3.19.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2025-01-29 06:52:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-3xg3-cgvq-2xwr" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2025-24374.yaml" ] ] ] [ "advisoryId" => "PKSA-yhcn-xrg3-68b1" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2024-51754.yaml" "title" => "Unguarded calls to __toString() when nesting an object into an array" "link" => "https://symfony.com/blog/cve-2024-51754-unguarded-calls-to-tostring-in-a-sandbox-when-an-object-is-in-an-array-or-an-argument-list" "cve" => "CVE-2024-51754" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-11-06 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6377-hfv9-hqf6" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2024-51754.yaml" ] ] ] [ "advisoryId" => "PKSA-2wrf-1xmk-1pky" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2024-51755.yaml" "title" => "Unguarded calls to __isset() and to array-accesses when the sandbox is enabled" "link" => "https://symfony.com/blog/cve-2024-51755-unguarded-calls-to-isset-and-to-array-accesses-in-a-sandbox" "cve" => "CVE-2024-51755" "affectedVersions" => ">=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-11-06 08:00:00" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-jjxq-ff2g-95vh" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2024-51755.yaml" ] ] ] [ "advisoryId" => "PKSA-6319-ffpf-gx66" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2024-45411.yaml" "title" => "Possible sandbox bypass" "link" => "https://symfony.com/blog/twig-security-release-possible-sandbox-bypass" "cve" => "CVE-2024-45411" "affectedVersions" => ">=1.0.0,<1.44.7|>=2.0.0,<2.16.0|>=3.0.0,<3.11.0|>=3.12.0,<3.14.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2024-09-09 08:51:06" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-6j75-5wfj-gh66" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2024-45411.yaml" ] ] ] [ "advisoryId" => "PKSA-n7sg-8f52-pqtf" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2022-39261.yaml" "title" => "Possibility to load a template outside a configured directory when using the filesystem loader" "link" => "https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader" "cve" => "CVE-2022-39261" "affectedVersions" => ">=1.0.0,<1.44.7|>=2.0.0,<2.15.3|>=3.0.0,<3.4.3" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-09-28 10:36:08" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-52m2-vc4m-jj33" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2022-39261.yaml" ] ] ] [ "advisoryId" => "PKSA-8kk8-h2xr-h5nx" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2022-23614.yaml" "title" => "Disallow non closures in the sort filter" "link" => "https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter" "cve" => "CVE-2022-23614" "affectedVersions" => ">=2.0.0,<2.14.11|>=3.0.0,<3.3.8" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2022-02-04 06:52:21" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-5mv2-rx3q-4w2v" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2022-23614.yaml" ] ] ] [ "advisoryId" => "PKSA-6cvh-gt46-wq7q" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2019-9942.yaml" "title" => "Sandbox Information Disclosure" "link" => "https://symfony.com/blog/twig-sandbox-information-disclosure" "cve" => "CVE-2019-9942" "affectedVersions" => "<1.38.0|>=2.0.0,<2.7.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2019-03-12 12:35:01" "composerRepository" => "https://packagist.org" "severity" => "low" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-vxrc-68xx-x48g" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2019-9942.yaml" ] ] ] [ "advisoryId" => "PKSA-19rw-dqx2-75hc" "packageName" => "twig/twig" "remoteId" => "twig/twig/CVE-2015-7809.yaml" "title" => "Remote code execution in templates" "link" => "https://symfony.com/blog/security-release-twig-1-20-0" "cve" => "CVE-2015-7809" "affectedVersions" => "<1.20.0" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2015-08-12 15:53:50" "composerRepository" => "https://packagist.org" "severity" => "high" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-xw83-pwrm-9j74" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/CVE-2015-7809.yaml" ] ] ] [ "advisoryId" => "PKSA-g1zx-twcw-9z6k" "packageName" => "twig/twig" "remoteId" => "twig/twig/2013-04-08.yaml" "title" => "Vulnerability in the filesystem loader" "link" => "http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released" "cve" => null "affectedVersions" => ">=1.0.0,<1.12.3" "source" => "FriendsOfPHP/security-advisories" "reportedAt" => "2013-04-08 00:00:00" "composerRepository" => "https://packagist.org" "severity" => "medium" "sources" => [ [ "name" => "GitHub" "remoteId" => "GHSA-7cvr-xhm5-x998" ] [ "name" => "FriendsOfPHP/security-advisories" "remoteId" => "twig/twig/2013-04-08.yaml" ] ] ] ] "thecodingmachine/safe" => [] "theseer/tokenizer" => [] "twig/string-extra" => [] "zircote/swagger-php" => [] ] ] ] |
|
| GET | https://raw.githubusercontent.com/shopware/shopware/trunk/releases.json | |
|---|---|---|
| Response |
200
[ "info" => [ "header_size" => 894 "request_size" => 161 "total_time" => 0.055531 "namelookup_time" => 0.000656 "connect_time" => 0.015574 "pretransfer_time" => 0.036167 "size_download" => 382.0 "speed_download" => 6879.0 "download_content_length" => 382.0 "starttransfer_time" => 0.055409 "primary_ip" => "2606:50c0:8003::154" "primary_port" => 443 "local_ip" => "2a12:5040:1:303:be24:11ff:fe74:d9ae" "local_port" => 40242 "http_version" => 3 "protocol" => 2 "scheme" => "https" "appconnect_time_us" => 36055 "connect_time_us" => 15574 "namelookup_time_us" => 656 "pretransfer_time_us" => 36167 "starttransfer_time_us" => 55409 "posttransfer_time_us" => 36166 "total_time_us" => 55531 "effective_method" => "GET" "cainfo" => "/etc/pki/tls/certs/ca-bundle.crt" "start_time" => 1781720190.4855 "original_url" => "https://raw.githubusercontent.com/shopware/shopware/trunk/releases.json" "pause_handler" => Closure(float $duration) {#1549 : "Symfony\Component\HttpClient\Response\CurlResponse" : { : CurlHandle {#1533 …} : Symfony\Component\HttpClient\Internal\CurlClientState {#1362 …} : -9223372036854775766 } } "debug" => """ * Trying [2606:50c0:8003::154]:443...\n * Host raw.githubusercontent.com:443 was resolved.\n * IPv6: 2606:50c0:8003::154, 2606:50c0:8000::154, 2606:50c0:8001::154, 2606:50c0:8002::154\n * IPv4: 185.199.108.133, 185.199.109.133, 185.199.111.133, 185.199.110.133\n * ALPN: curl offers h2,http/1.1\n * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / [blank] / UNDEF\n * ALPN: server accepted h2\n * Server certificate:\n * subject: CN=*.github.io\n * start date: Apr 6 23:32:36 2026 GMT\n * expire date: Jul 5 23:32:35 2026 GMT\n * issuer: C=US; O=Let's Encrypt; CN=R12\n * Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption\n * Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption\n * Certificate level 2: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption\n * subjectAltName: "raw.githubusercontent.com" matches cert's "*.githubusercontent.com"\n * OpenSSL verify result: 0\n * SSL certificate verified via OpenSSL.\n * Established connection to raw.githubusercontent.com (2606:50c0:8003::154 port 443) from 2a12:5040:1:303:be24:11ff:fe74:d9ae port 40242 \n * using HTTP/2\n * [HTTP/2] [1] OPENED stream for https://raw.githubusercontent.com/shopware/shopware/trunk/releases.json\n * [HTTP/2] [1] [:method: GET]\n * [HTTP/2] [1] [:scheme: https]\n * [HTTP/2] [1] [:authority: raw.githubusercontent.com]\n * [HTTP/2] [1] [:path: /shopware/shopware/trunk/releases.json]\n * [HTTP/2] [1] [accept: */*]\n * [HTTP/2] [1] [user-agent: Symfony HttpClient (Curl)]\n * [HTTP/2] [1] [accept-encoding: gzip]\n > GET /shopware/shopware/trunk/releases.json HTTP/2\r\n Host: raw.githubusercontent.com\r\n Accept: */*\r\n User-Agent: Symfony HttpClient (Curl)\r\n Accept-Encoding: gzip\r\n \r\n * Request completely sent off\n < HTTP/2 200 \r\n < cache-control: max-age=300\r\n < content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\n < content-type: text/plain; charset=utf-8\r\n < etag: W/"5766c9f7357188b9518954d63ce7c26dadb1e1d011d70d3674042cb892f4d874"\r\n < strict-transport-security: max-age=31536000\r\n < x-content-type-options: nosniff\r\n < x-frame-options: deny\r\n < x-xss-protection: 1; mode=block\r\n < x-github-request-id: 21C8:36A1AC:385FC1:3D7B4A:6A30304C\r\n < content-encoding: gzip\r\n < accept-ranges: bytes\r\n < date: Wed, 17 Jun 2026 18:16:30 GMT\r\n < via: 1.1 varnish\r\n < x-served-by: cache-par-lfpg1960060-PAR\r\n < x-cache: HIT\r\n < x-cache-hits: 1\r\n < x-timer: S1781720191.532519,VS0,VE1\r\n < vary: Authorization,Accept-Encoding\r\n < access-control-allow-origin: *\r\n < cross-origin-resource-policy: cross-origin\r\n < x-fastly-request-id: e43e55bc1994ccac8504483e4bcb07cf9ef85ddd\r\n < expires: Wed, 17 Jun 2026 18:21:30 GMT\r\n < source-age: 43\r\n < content-length: 382\r\n < \r\n """ ] "response_headers" => [ "HTTP/2 200 " "cache-control: max-age=300" "content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox" "content-type: text/plain; charset=utf-8" "etag: W/"5766c9f7357188b9518954d63ce7c26dadb1e1d011d70d3674042cb892f4d874"" "strict-transport-security: max-age=31536000" "x-content-type-options: nosniff" "x-frame-options: deny" "x-xss-protection: 1; mode=block" "x-github-request-id: 21C8:36A1AC:385FC1:3D7B4A:6A30304C" "content-encoding: gzip" "accept-ranges: bytes" "date: Wed, 17 Jun 2026 18:16:30 GMT" "via: 1.1 varnish" "x-served-by: cache-par-lfpg1960060-PAR" "x-cache: HIT" "x-cache-hits: 1" "x-timer: S1781720191.532519,VS0,VE1" "vary: Authorization,Accept-Encoding" "access-control-allow-origin: *" "cross-origin-resource-policy: cross-origin" "x-fastly-request-id: e43e55bc1994ccac8504483e4bcb07cf9ef85ddd" "expires: Wed, 17 Jun 2026 18:21:30 GMT" "source-age: 43" "content-length: 382" ] "response_content" => [ """ [\n {\n "version": "6.4",\n "release_date": "2021-05-04",\n "extended_eol": false,\n "security_eol": "2025-05-14"\n },\n {\n "version": "6.5",\n "release_date": "2023-05-03",\n "extended_eol": false,\n "security_eol": "2025-05-14"\n },\n {\n "version": "6.5.8.0",\n "release_date": "2024-01-15",\n "extended_eol": "2025-05-14",\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.0.0",\n "release_date": "2024-03-21",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.1.0",\n "release_date": "2024-04-09",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.2.0",\n "release_date": "2024-05-06",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.3.0",\n "release_date": "2024-06-04",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.4.0",\n "release_date": "2024-07-01",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.5.0",\n "release_date": "2024-08-06",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.6.0",\n "release_date": "2024-09-03",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.7.0",\n "release_date": "2024-10-14",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.8.0",\n "release_date": "2024-11-06",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.9.0",\n "release_date": "2024-12-03",\n "extended_eol": false,\n "security_eol": "2027-02-28"\n },\n {\n "version": "6.6.10.0",\n "release_date": "2025-02-03",\n "extended_eol": "2027-02-28",\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.0.0",\n "release_date": "2025-06-17",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n \n {\n "version": "6.7.1.0",\n "release_date": "2025-07-24",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.2.0",\n "release_date": "2025-09-01",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.3.0",\n "release_date": "2025-10-06",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.4.0",\n "release_date": "2025-11-04",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.5.0",\n "release_date": "2025-12-02",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.6.0",\n "release_date": "2026-01-12",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.7.0",\n "release_date": "2026-02-02",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.8.0",\n "release_date": "2026-03-02",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.9.0",\n "release_date": "2026-04-14",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.10.0",\n "release_date": "2026-05-04",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.11.0",\n "release_date": "2026-06-01",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.12.0",\n "release_date": "2026-07-06",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n },\n {\n "version": "6.7.13.0",\n "release_date": "2026-08-03",\n "extended_eol": false,\n "security_eol": "2028-02-28"\n }\n ]\n """ ] ] |
|