pontedilana/php-weasyprint Security Advisories for 2.5.1 (3)
-
[MEDIUM] PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option
PKSA-q4hm-4pvf-f13w CVE-2026-49359 GHSA-x8g9-h984-pc36
Affected version: <=2.5.1
Reported by:
GitHub -
[LOW] PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles
PKSA-69w1-spwq-4gvw CVE-2026-49358 GHSA-5g9f-cwwg-4p8g
Affected version: <=2.5.1
Reported by:
GitHub -
[HIGH] PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)
PKSA-xz12-xgjc-r2wn CVE-2026-49286 GHSA-2fmj-p74r-3wjm
Affected version: <=2.5.1
Reported by:
GitHub