Guzzle Guzzle
7 CVEs affecting Guzzle Guzzle. Latest disclosed: 2026-06-23. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-29248 | High | 8.0 | 2022-05-25 | Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not… |
CVE-2022-31091 | High | 7.7 | 2022-06-27 | Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request whi… |
CVE-2022-31090 | High | 7.7 | 2022-06-27 | Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is p… |
CVE-2022-31043 | High | 7.5 | 2022-06-10 | Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `ht… |
CVE-2022-31042 | High | 7.5 | 2022-06-10 | Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https… |
CVE-2026-55568 | Medium | 5.9 | 2026-06-23 | Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmi… |
CVE-2026-55767 | Medium | 5.8 | 2026-06-23 | Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants… |