If you discover any security related issues, please email security@yeehaw.dev instead of using the issue tracker.
Security: saloonphp/saloon
Security
.github/SECURITY.md
-
Insecure deserialisation in AccessTokenAuthenticator (object injection / RCE)GHSA-rf88-776r-rcq9 published
Mar 25, 2026 by Sammyjo20High -
Fixture name path traversal (out-of-bounds file read/write)GHSA-f7xc-5852-fj99 published
Mar 25, 2026 by Sammyjo20Low -
Absolute URL in endpoint overrides base URL (SSRF / credential leakage)GHSA-c83f-3xp6-hfcp published
Mar 25, 2026 by Sammyjo20Moderate
Learn more about advisories related to saloonphp/saloon in the GitHub Advisory Database