Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/phpwhois/phpwhois@4.2.3
purl pkg:composer/phpwhois/phpwhois@4.2.3
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-rrkv-3fw9-k7eq
Aliases:
CVE-2015-5243
GHSA-c95f-27gx-6vq9
Code Injection phpWhois allows remote attackers to execute arbitrary code via a crafted whois record. There are no reported fixed by versions.
VCID-ykxw-rc3n-g3g4
Aliases:
CVE-2021-43698
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') PhpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In file `example.php`, the exit function will terminate the script and print the message to the user. The message contains the result of the `$_GET['query']` leading to an XSS vulnerability. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T01:11:03.958611+00:00 GitLab Importer Affected by VCID-ykxw-rc3n-g3g4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpwhois/phpwhois/CVE-2021-43698.yml 38.6.0
2026-06-04T20:14:16.346792+00:00 GitLab Importer Affected by VCID-rrkv-3fw9-k7eq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpwhois/phpwhois/CVE-2015-5243.yml 38.6.0