File tree Expand file tree Collapse file tree 1 file changed +5
-1
lines changed
Expand file tree Collapse file tree 1 file changed +5
-1
lines changed Original file line number Diff line number Diff line change 11# True positive but we expect Lychee to be run behind a reverse proxy that is taking care of the cryptography and TLS configuration.
22# Waiting of frankenphp to update the golang dependencies
33CVE-2026-25793
4+
45# This CVE is stupid and disputed.
56# The "vulnerability" is that php-jwt accepts short HMAC keys without validation.
67# This is not a library bug — key management is the caller's responsibility.
78# PHP's own hash_hmac() and openssl_sign() behave identically and have no CVEs for this.
89# NVD agrees — hence the Disputed tag and no score from NIST.
9- CVE-2025-45769
10+ CVE-2025-45769
11+
12+ # True positive but local attack vector, we will be waiting for frankenphp to update their image.
13+ CVE-2026-0861
You can’t perform that action at this time.
0 commit comments