Vulnerabilities in guzzle
14 resultsCVE-2022-24775HIGHImproper Input Validation in guzzlehttp/psr7EPSS 2.4%CVE-2022-31042HIGHFailure to strip the Cookie header on change in host or HTTP downgrade in GuzzleEPSS 1.8%CVE-2022-31043HIGHFix failure to strip Authorization header on HTTP downgrade in GuzzleEPSS 1.8%CVE-2022-31090HIGHCURLOPT_HTTPAUTH option not cleared on change of origin in GuzzleEPSS 1.4%CVE-2022-29248HIGHCross-domain cookie leakage in GuzzleEPSS 1.2%CVE-2023-29197MEDIUMImproper header name validation in guzzlehttp/psr7EPSS 1.2%CVE-2022-31091HIGHChange in port should be considered a change in origin in GuzzleEPSS 1.1%CVE-2025-21617MEDIUMGuzzle OAuth Subscriber has insufficient nonce entropyEPSS 0.4%CVE-2026-53723MEDIUMguzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA TerminatorEPSS 0.2%CVE-2026-48998MEDIUMguzzlehttp/psr7 has Host Confusion via Authority ReinterpretationEPSS 0.2%CVE-2026-49214MEDIUMguzzlehttp/psr7 has CRLF Injection via URI Host ComponentEPSS 0.2%CVE-2026-55767MEDIUMGuzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzleEPSS —CVE-2026-55568MEDIUMGuzzle: Silent HTTPS-Proxy Downgrade to CleartextEPSS —CVE-2026-55766MEDIUMguzzlehttp/psr7: CRLF Injection in HTTP Start-Line SerializationEPSS —