web-auth/webauthn-framework

Packagist3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting web-auth/webauthn-frameworkpage 1 of 1

CVE-2021-38299CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.3.4
2021-09-27
vulnerable: v3.3.0, v3.3.1, v3.3.2, v3.3.3
Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence.
CVE-2024-39912MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.9.0
2024-07-15
vulnerable: 4.5.0 ... 4.8.7 (26 versions)
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCrede…
CVE-2026-30964MEDIUMCVSS 5.4EG 5.4✓ Fixed in 5.2.4
2026-03-10
vulnerable: 5.2.0, 5.2.1, 5.2.2, 5.2.3
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedO…

Check whether web-auth/webauthn-framework is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for web-auth/webauthn-framework CVEs against the assets you own.

Start Free Scan →