guzzlehttp/psr7
Packagist5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting guzzlehttp/psr7page 1 of 1
- CVE-2022-24775HIGHCVSS 7.5EG 7.5✓ Fixed in 2.1.12022-03-21
vulnerable: 2.0.0, 2.1.0
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.…
- CVE-2023-29197MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.4.52023-04-17
vulnerable: 2.0.0 ... 2.4.4 (13 versions)
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification state…
- CVE-2026-48998MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.10.22026-06-11
vulnerable: 1.0.0 ... 2.9.1 (55 versions)
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An…
- CVE-2026-49214MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.10.22026-06-11
vulnerable: 1.0.0 ... 2.9.1 (55 versions)
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application acc…
- CVE-2026-55766MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.12.12026-06-19
vulnerable: 1.0.0 ... 2.9.1 (61 versions)
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reaso…
Check whether guzzlehttp/psr7 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for guzzlehttp/psr7 CVEs against the assets you own.
Start Free Scan →