Package impact
Packagist / web-auth/webauthn-lib
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30964 | medium | 5.4 | 5.4 | 3mo ago | Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation | |||
| CVE-2024-39912 | unknown | — | — | 2y ago | The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames |