guzzlehttp/guzzle
Packagist8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting guzzlehttp/guzzlepage 1 of 1
- CVE-2016-5385HIGHCVSS 8.1EG 8.1✓ Fixed in 5.3.12016-07-19
vulnerable: 5.0.0 ... 5.3.0 (7 versions)
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remo…
- CVE-2022-29248HIGHCVSS 8.0EG 8.0✓ Fixed in 7.4.32022-05-25
vulnerable: 7.0.0 ... 7.4.2 (9 versions)
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cook…
- CVE-2022-31042HIGHCVSS 7.5EG 7.5✓ Fixed in 7.4.42022-06-10
vulnerable: 7.0.0 ... 7.4.3 (10 versions)
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` sch…
- CVE-2022-31043HIGHCVSS 7.5EG 7.5✓ Fixed in 7.4.42022-06-10
vulnerable: 7.0.0 ... 7.4.3 (10 versions)
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` …
- CVE-2022-31090HIGHCVSS 7.7EG 7.7✓ Fixed in 7.4.52022-06-27
vulnerable: 7.0.0 ... 7.4.4 (11 versions)
Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` heade…
- CVE-2022-31091HIGHCVSS 7.7EG 7.7✓ Fixed in 7.4.52022-06-27
vulnerable: 7.0.0 ... 7.4.4 (11 versions)
Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to foll…
- CVE-2026-55568MEDIUMCVSS 5.9EG 5.9✓ Fixed in 7.12.12026-06-19
vulnerable: 4.0.0 ... v3.8.1 (163 versions)
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization hea…
- CVE-2026-55767MEDIUMCVSS 5.8EG 5.8✓ Fixed in 7.12.12026-06-19
vulnerable: 4.0.0 ... v3.8.1 (163 versions)
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain() removes leading dots from the cookie domain, normal…
Check whether guzzlehttp/guzzle is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for guzzlehttp/guzzle CVEs against the assets you own.
Start Free Scan →