{"advisories":{"guzzlehttp\/guzzle":[{"advisoryId":"PKSA-yfw5-9gnj-n2c7","packageName":"guzzlehttp\/guzzle","remoteId":"guzzlehttp\/guzzle\/CVE-2022-31091.yaml","title":"Change in port should be considered a change in origin","link":"https:\/\/github.com\/guzzle\/guzzle\/security\/advisories\/GHSA-q559-8m2m-g699","cve":"CVE-2022-31091","affectedVersions":"\u003E=7,\u003C7.4.5|\u003E=4,\u003C6.5.8","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-06-20 22:24:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-q559-8m2m-g699"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/guzzle\/CVE-2022-31091.yaml"}]},{"advisoryId":"PKSA-k1b4-kshy-xgbh","packageName":"guzzlehttp\/guzzle","remoteId":"guzzlehttp\/guzzle\/CVE-2022-31090.yaml","title":"CURLOPT_HTTPAUTH option not cleared on change of origin","link":"https:\/\/github.com\/guzzle\/guzzle\/security\/advisories\/GHSA-25mq-v84q-4j7r","cve":"CVE-2022-31090","affectedVersions":"\u003E=7,\u003C7.4.5|\u003E=4,\u003C6.5.8","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-06-20 22:24:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-25mq-v84q-4j7r"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/guzzle\/CVE-2022-31090.yaml"}]},{"advisoryId":"PKSA-2z36-j4q9-rsfy","packageName":"guzzlehttp\/guzzle","remoteId":"guzzlehttp\/guzzle\/CVE-2022-31043.yaml","title":"Fix failure to strip Authorization header on HTTP downgrade","link":"https:\/\/github.com\/guzzle\/guzzle\/security\/advisories\/GHSA-w248-ffj2-4v5q","cve":"CVE-2022-31043","affectedVersions":"\u003E=7,\u003C7.4.4|\u003E=4,\u003C6.5.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-06-09 23:36:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-w248-ffj2-4v5q"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/guzzle\/CVE-2022-31043.yaml"}]},{"advisoryId":"PKSA-fvw5-9t6n-nwvr","packageName":"guzzlehttp\/guzzle","remoteId":"guzzlehttp\/guzzle\/CVE-2022-31042.yaml","title":"Failure to strip the Cookie header on change in host or HTTP downgrade","link":"https:\/\/github.com\/guzzle\/guzzle\/security\/advisories\/GHSA-f2wf-25xc-69c9","cve":"CVE-2022-31042","affectedVersions":"\u003E=7,\u003C7.4.4|\u003E=4,\u003C6.5.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-06-09 23:36:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-f2wf-25xc-69c9"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/guzzle\/CVE-2022-31042.yaml"}]},{"advisoryId":"PKSA-6d8m-6kgw-18zr","packageName":"guzzlehttp\/guzzle","remoteId":"guzzlehttp\/guzzle\/CVE-2022-29248.yaml","title":"Cross-domain cookie leakage","link":"https:\/\/github.com\/guzzle\/guzzle\/security\/advisories\/GHSA-cwmx-hcrq-mhc3","cve":"CVE-2022-29248","affectedVersions":"\u003E=7,\u003C7.4.3|\u003E=4,\u003C6.5.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-05-25 13:21:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-cwmx-hcrq-mhc3"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/guzzle\/CVE-2022-29248.yaml"}]},{"advisoryId":"PKSA-stmn-hvzq-wph6","packageName":"guzzlehttp\/guzzle","remoteId":"guzzlehttp\/guzzle\/CVE-2016-5385.yaml","title":"HTTP Proxy header vulnerability","link":"https:\/\/github.com\/guzzle\/guzzle\/releases\/tag\/6.2.1","cve":"CVE-2016-5385","affectedVersions":"\u003E=6,\u003C6.2.1|\u003E=4.0.0-rc2,\u003C4.2.4|\u003E=5,\u003C5.3.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2015-07-15 17:14:23","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-m6ch-gg5f-wxx3"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/guzzle\/CVE-2016-5385.yaml"}]}]}}