[LOW] CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

PKSA-df53-cqz9-c3zn CVE-2026-46644 GHSA-2xf4-cg6j-vhgq

Affected version: >=1.17.1,<1.38.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)

PKSA-4s52-qcxz-xchq CVE-2013-5958 GHSA-cr49-fx2v-9p57

Affected version: >=1.0.0,<1.10.0

Reported by:
GitHub, FriendsOfPHP/security-advisories