[HIGH] phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

PKSA-km2b-zc3b-mjm3 CVE-2026-32935 GHSA-94g3-g5v7-q4jg

Affected version: <=1.0.26|>=2.0.0,<=2.0.51|>=3.0.0,<=3.0.49

Reported by:
GitHub

[HIGH] Name confusion in x509 Subject Alternative Name fields

PKSA-4p7m-np8m-fq35 CVE-2023-52892 GHSA-ff7q-6vwh-v9m4

Affected version: >=3.0.0,<3.0.33|>=2.0.0,<2.0.46|<1.0.22

Reported by:
GitHub

[HIGH] Improper Certificate Validation in phpseclib

PKSA-mnsd-qtjt-pgcq CVE-2021-30130 GHSA-vf4w-fg7r-5v94

Affected version: <2.0.31|>=3.0.0,<3.0.7

Reported by:
GitHub, FriendsOfPHP/security-advisories