Security: php/php-src
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
NULL pointer dereference in SOAP apache:Map decoder with missing <value>GHSA-hmxp-6pc4-f3vv published
May 7, 2026 by iluuu1994Moderate -
SoapServer session-persisted object use-after-free via SOAP header faultGHSA-m33r-qmcv-p97q published
May 7, 2026 by iluuu1994Moderate -
Use-After-Free in SOAP using Apache map with Remote Code ExecutionGHSA-85c2-q967-79q5 published
May 7, 2026 by iluuu1994High -
Out-of-bounds read in urldecode()GHSA-m8rr-4c36-8gq4 published
May 7, 2026 by iluuu1994Moderate -
Global buffer over-read in mb_convert_encoding() with attacker-supplied encodingGHSA-74r9-qxhc-fx53 published
May 7, 2026 by iluuu1994Moderate -
DoS attack via DOMNode::C14N()GHSA-4jhr-8w89-j733 published
May 7, 2026 by iluuu1994High -
XSS within PHP-FPM status endpointGHSA-7qg2-v9fj-4mwv published
May 7, 2026 by iluuu1994Moderate -
Signed integer overflow in metaphone()GHSA-96wq-48vp-hh57 published
May 7, 2026 by iluuu1994Low -
Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()GHSA-wm6j-2649-pv75 published
May 7, 2026 by iluuu1994Low -
Information Leak of Memory in getimagesizeGHSA-3237-qqm7-mfv7 published
Dec 18, 2025 by bukkaModerate