Package impact
Packagist / phpunit/phpunit
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-9841 | critical | — | 10.0 | 4y ago | PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., exte… | |
| CVE-2026-41570 | high | 7.8 | 7.8 | 20d ago | PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes |