guzzlehttp/psr7

PSR-7 message implementation that also provides common utility methods

Latest 2.12.3

100%

Total Score

Dependencies

100

Maturity

100

Supply Chain

100

Are you affected? Scan for Free

Vulnerabilities

Title	Versions	Severity
CVE-2026-55766 New guzzlehttp/psr7 is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in versions 0.0.0 - 2.12.1.	0.0.0 - 2.12.1	Medium
CVE-2026-48998 guzzlehttp/psr7 is vulnerable to Improper Input Validation in versions 0.0.0 - 2.10.2.	0.0.0 - 2.10.2	Medium
CVE-2026-49214 guzzlehttp/psr7 is vulnerable to Improper Input Validation in versions 0.0.0 - 2.10.2.	0.0.0 - 2.10.2	Medium
AIKIDO-2026-11089 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. guzzlehttp/psr7 is vulnerable to Denial of Service in versions 2.0.0 - 2.10.3.	2.0.0 - 2.10.3	Medium
AIKIDO-2026-10932 guzzlehttp/psr7 is vulnerable to Server-side Request Forgery (SSRF) in versions 0.0.1 - 2.10.1.	0.0.1 - 2.10.1	Medium

Graham Campbell

Michael Dowling

George Mponos

Tobias Nyholm

Márk Sági-Kazár

Tobias Schultze

Márk Sági-Kazár

Dependency	Last Release	Score
psr/http-factory Version ^1.0	—	—
psr/http-message Version ^1.1 \|\| ^2.0	—	—
symfony/polyfill-php80 Version ^1.25	—	—
ralouphie/getallheaders Version ^3.0	—	—
symfony/deprecation-contracts Version ^2.5 \|\| ^3.0	—	—