Browse all 5 CVE security advisories affecting thephpleague. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33347 | league/commonmark has an embed extension allowed_domains bypass — commonmarkCWE-79 | 9.1 | - | 2026-03-24 |
| CVE-2026-30838 | league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names — commonmarkCWE-79 | 5.4 | - | 2026-03-07 |
| CVE-2025-46734 | league/commonmark Cross-site Scripting vulnerability in Attributes extension — commonmarkCWE-79 | 6.4 | Medium | 2025-05-05 |
| CVE-2023-37260 | league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase — oauth2-serverCWE-209 | 8.2 | High | 2023-07-06 |
| CVE-2021-32708 | Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem — flysystemCWE-367 | 9.8 | Critical | 2021-06-24 |
This page lists every published CVE security advisory associated with thephpleague. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.