advisory-database
Missing PHP/composer/packagist vulnerabilities
I was comparing the results of osv-detector to local-php-security-checker and found a few advisories that don't seem to be in the database:
- https://symfony.com/blog/twig-sandbox-information-disclosure
- https://nvd.nist.gov/vuln/detail/CVE-2017-9841
- https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
- https://github.com/FriendsOfPHP/security-advisories/blob/master/erusev/parsedown/CVE-2018-1000162.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/erusev/parsedown/CVE-2019-10905.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/sabberworm/php-css-parser/CVE-2020-13756.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-05-18.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-03-01.yaml
- https://framework.zend.com/security/advisory/ZF2018-01
- https://www.silverstripe.org/download/security-releases/cve-2020-26138/
- https://www.silverstripe.org/download/security-releases/cve-2021-25817/

Most of them seem like they should be straightforward to add, though the Zend Framework one(s) I'm not so sure about. Let me know if I can help in any way.
Got all but two out. Double check me, but most of the info comes from friends of PHP.
Zend is presenting a few issues, so I'll get to that next week.
CVE-2021-25817 - https://nvd.nist.gov/vuln/detail/CVE-2021-25817 has not yet made it to MITRE, so I'm holding off on that for now.
Looks like this has been resolved so I'm going to close this issue, thanks all!