{"advisories":{"guzzlehttp\/psr7":[{"advisoryId":"PKSA-7qs6-zvnz-h66r","packageName":"guzzlehttp\/psr7","remoteId":"guzzlehttp\/psr7\/CVE-2026-55766.yaml","title":"CRLF injection in HTTP start-line serialization","link":"https:\/\/github.com\/guzzle\/psr7\/security\/advisories\/GHSA-vm85-hxw5-5432","cve":"CVE-2026-55766","affectedVersions":"\u003C2.12.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2026-06-18 09:49:37","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-vm85-hxw5-5432"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/psr7\/CVE-2026-55766.yaml"}]},{"advisoryId":"PKSA-gm5x-j3mz-71n9","packageName":"guzzlehttp\/psr7","remoteId":"guzzlehttp\/psr7\/CVE-2026-49214.yaml","title":"CRLF injection via URI host component","link":"https:\/\/github.com\/guzzle\/psr7\/security\/advisories\/GHSA-hq7v-mx3g-29hw","cve":"CVE-2026-49214","affectedVersions":"\u003C2.10.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2026-05-25 22:58:15","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-hq7v-mx3g-29hw"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/psr7\/CVE-2026-49214.yaml"}]},{"advisoryId":"PKSA-jj5t-2zs1-dcfm","packageName":"guzzlehttp\/psr7","remoteId":"guzzlehttp\/psr7\/CVE-2026-48998.yaml","title":"Host confusion via authority reinterpretation","link":"https:\/\/github.com\/guzzle\/psr7\/security\/advisories\/GHSA-34xg-wgjx-8xph","cve":"CVE-2026-48998","affectedVersions":"\u003C2.10.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2026-05-25 22:58:15","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-34xg-wgjx-8xph"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/psr7\/CVE-2026-48998.yaml"}]},{"advisoryId":"PKSA-hn62-zkx4-1y5q","packageName":"guzzlehttp\/psr7","remoteId":"guzzlehttp\/psr7\/CVE-2023-29197.yaml","title":"Improper header validation","link":"https:\/\/github.com\/guzzle\/psr7\/security\/advisories\/GHSA-wxmh-65f7-jcvw","cve":"CVE-2023-29197","affectedVersions":"\u003E=2,\u003C2.4.5|\u003C1.9.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2023-04-17 16:00:37","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-wxmh-65f7-jcvw"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/psr7\/CVE-2023-29197.yaml"}]},{"advisoryId":"PKSA-gvzg-s447-b5b5","packageName":"guzzlehttp\/psr7","remoteId":"guzzlehttp\/psr7\/CVE-2022-24775.yaml","title":"Inproper parsing of HTTP headers","link":"https:\/\/github.com\/guzzle\/psr7\/security\/advisories\/GHSA-q7rv-6hp3-vh96","cve":"CVE-2022-24775","affectedVersions":"\u003E=2,\u003C2.1.1|\u003C1.8.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-03-20 13:44:44","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-q7rv-6hp3-vh96"},{"name":"FriendsOfPHP\/security-advisories","remoteId":"guzzlehttp\/psr7\/CVE-2022-24775.yaml"}]}]}}