Package impact
COMPOSER / phpseclib/phpseclib
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-32935 | medium | 5.9 | 5.9 | 2mo ago | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack | |
| CVE-2026-40194 | low | 3.7 | 3.7 | 2mo ago | phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals() |