pontedilana/php-weasyprint
php · pontedilana/php-weasyprint · Heads-up
pontedilana/php-weasyprint <= 2.5.1 arbitrary file deletion via temporaryFiles
A security advisory was published for pontedilana/php-weasyprint versions <= 2.
27 Jun 2026 · schedule it
php · pontedilana/php-weasyprint · Heads-up
pontedilana/php-weasyprint SSRF and local file disclosure via attachment option
Versions <= 2.5.1 are vulnerable to SSRF and local file disclosure via the attachment option, which uses file_get_contents() on an
27 Jun 2026 · schedule it
php · pontedilana/php-weasyprint · Critical
pontedilana/php-weasyprint <= 2.5.0 Shell Command Injection
A shell-command injection vulnerability was discovered in pontedilana/php-weasyprint versions <= 2.
27 Jun 2026 · act now
php · pontedilana/php-weasyprint · Critical
pontedilana/php-weasyprint: PHAR deserialization via phar:// blacklist bypass
A case-insensitive bypass of the phar:// blacklist in prepareOutput() allows PHAR deserialization on PHP < 8, leading to remote co
27 Jun 2026 · act now