{"url":"http://public2.vulnerablecode.io/api/packages/566597?format=json","purl":"pkg:composer/spatie/browsershot@3.5.0","type":"composer","namespace":"spatie","name":"browsershot","version":"3.5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.5","latest_non_vulnerable_version":"5.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115954?format=json","vulnerability_id":"VCID-3dyh-k3q2-47at","summary":"Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1022","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39483","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1022"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1022","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1022"},{"reference_url":"https://gist.github.com/mrdgef/a820837c530e09e1dd725e013e0d4341","reference_id":"a820837c530e09e1dd725e013e0d4341","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:29:07Z/"}],"url":"https://gist.github.com/mrdgef/a820837c530e09e1dd725e013e0d4341"},{"reference_url":"https://github.com/spatie/browsershot/commit/bcfd608b264fab654bf78e199bdfbb03e9323eb7","reference_id":"bcfd608b264fab654bf78e199bdfbb03e9323eb7","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:29:07Z/"}],"url":"https://github.com/spatie/browsershot/commit/bcfd608b264fab654bf78e199bdfbb03e9323eb7"},{"reference_url":"https://github.com/spatie/browsershot/commit/e3273974506865a24fbb5b65b534d8d4b8dfbf72","reference_id":"e3273974506865a24fbb5b65b534d8d4b8dfbf72","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:29:07Z/"}],"url":"https://github.com/spatie/browsershot/commit/e3273974506865a24fbb5b65b534d8d4b8dfbf72"},{"reference_url":"https://github.com/advisories/GHSA-j2gw-r24m-j2qw","reference_id":"GHSA-j2gw-r24m-j2qw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j2gw-r24m-j2qw"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496747","reference_id":"SNYK-PHP-SPATIEBROWSERSHOT-8496747","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:29:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377380?format=json","purl":"pkg:composer/spatie/browsershot@5.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@5.0.5"}],"aliases":["CVE-2025-1022","GHSA-j2gw-r24m-j2qw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3dyh-k3q2-47at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163344?format=json","vulnerability_id":"VCID-8135-c431-8fhp","summary":"Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43983","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60724","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43983"},{"reference_url":"https://fluidattacks.com/advisories/khalid","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://fluidattacks.com/advisories/khalid"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://github.com/spatie/browsershot/commit/92cf16fc098211731f80d21687abeafbe2c457ad","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot/commit/92cf16fc098211731f80d21687abeafbe2c457ad"},{"reference_url":"https://github.com/spatie/browsershot/","reference_id":"browsershot","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T14:38:31Z/"}],"url":"https://github.com/spatie/browsershot/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43983","reference_id":"CVE-2022-43983","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43983"},{"reference_url":"https://github.com/advisories/GHSA-82h9-v8vh-mfpq","reference_id":"GHSA-82h9-v8vh-mfpq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-82h9-v8vh-mfpq"},{"reference_url":"https://fluidattacks.com/advisories/khalid/","reference_id":"khalid","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T14:38:31Z/"}],"url":"https://fluidattacks.com/advisories/khalid/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28059?format=json","purl":"pkg:composer/spatie/browsershot@3.57.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dyh-k3q2-47at"},{"vulnerability":"VCID-ejww-qjam-1fbf"},{"vulnerability":"VCID-qc9t-6b4q-jkek"},{"vulnerability":"VCID-s5nz-tfpg-2fam"},{"vulnerability":"VCID-svjg-s77j-5kdu"},{"vulnerability":"VCID-xaz2-fj7y-ukaw"},{"vulnerability":"VCID-yp2p-qd2k-33at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@3.57.3"}],"aliases":["CVE-2022-43983","GHSA-82h9-v8vh-mfpq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8135-c431-8fhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48622?format=json","vulnerability_id":"VCID-ejww-qjam-1fbf","summary":"Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method.\r\rAn attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21544","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44435","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21544"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21544","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21544"},{"reference_url":"https://github.com/spatie/browsershot/blob/1e212b596c104138550ed4ef1b9977d8df570c67/src/Browsershot.php%23L258-L269","reference_id":"Browsershot.php%23L258-L269","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-16T18:17:07Z/"}],"url":"https://github.com/spatie/browsershot/blob/1e212b596c104138550ed4ef1b9977d8df570c67/src/Browsershot.php%23L258-L269"},{"reference_url":"https://github.com/spatie/browsershot/commit/fae8396641b961f62bd756920b14f01a4391296e","reference_id":"fae8396641b961f62bd756920b14f01a4391296e","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-16T18:17:07Z/"}],"url":"https://github.com/spatie/browsershot/commit/fae8396641b961f62bd756920b14f01a4391296e"},{"reference_url":"https://github.com/advisories/GHSA-g2r4-phv7-5fgv","reference_id":"GHSA-g2r4-phv7-5fgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g2r4-phv7-5fgv"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745","reference_id":"SNYK-PHP-SPATIEBROWSERSHOT-8496745","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-16T18:17:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372346?format=json","purl":"pkg:composer/spatie/browsershot@5.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dyh-k3q2-47at"},{"vulnerability":"VCID-qc9t-6b4q-jkek"},{"vulnerability":"VCID-s5nz-tfpg-2fam"},{"vulnerability":"VCID-xaz2-fj7y-ukaw"},{"vulnerability":"VCID-yp2p-qd2k-33at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@5.0.1"}],"aliases":["CVE-2024-21544","GHSA-g2r4-phv7-5fgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejww-qjam-1fbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126812?format=json","vulnerability_id":"VCID-qc9t-6b4q-jkek","summary":"Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3192","reference_id":"","reference_type":"","scores":[{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64537","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3192"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3192","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3192"},{"reference_url":"https://gist.github.com/JunMing27/651998a34d57fbf71ff9d25386f1da0f","reference_id":"651998a34d57fbf71ff9d25386f1da0f","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:06:50Z/"}],"url":"https://gist.github.com/JunMing27/651998a34d57fbf71ff9d25386f1da0f"},{"reference_url":"https://github.com/advisories/GHSA-qw64-6vcc-8ghx","reference_id":"GHSA-qw64-6vcc-8ghx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qw64-6vcc-8ghx"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8548015","reference_id":"SNYK-PHP-SPATIEBROWSERSHOT-8548015","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:06:50Z/"}],"url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8548015"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/779084?format=json","purl":"pkg:composer/spatie/browsershot@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dyh-k3q2-47at"},{"vulnerability":"VCID-xaz2-fj7y-ukaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@5.0.4"}],"aliases":["CVE-2025-3192","GHSA-qw64-6vcc-8ghx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9t-6b4q-jkek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49130?format=json","vulnerability_id":"VCID-s5nz-tfpg-2fam","summary":"Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.\r\r**Note:**\r\rThis is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21549","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20842","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21549"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21549","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21549"},{"reference_url":"https://github.com/spatie/browsershot/discussions/906","reference_id":"906","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-20T16:20:43Z/"}],"url":"https://github.com/spatie/browsershot/discussions/906"},{"reference_url":"https://github.com/spatie/browsershot/commit/f791ce0ae8dd99367dbfa30588ee31e1196e1728","reference_id":"f791ce0ae8dd99367dbfa30588ee31e1196e1728","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-20T16:20:43Z/"}],"url":"https://github.com/spatie/browsershot/commit/f791ce0ae8dd99367dbfa30588ee31e1196e1728"},{"reference_url":"https://github.com/advisories/GHSA-c9f5-29f6-c35w","reference_id":"GHSA-c9f5-29f6-c35w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c9f5-29f6-c35w"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023","reference_id":"SNYK-PHP-SPATIEBROWSERSHOT-8533023","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-20T16:20:43Z/"}],"url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372472?format=json","purl":"pkg:composer/spatie/browsershot@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dyh-k3q2-47at"},{"vulnerability":"VCID-qc9t-6b4q-jkek"},{"vulnerability":"VCID-xaz2-fj7y-ukaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@5.0.3"}],"aliases":["CVE-2024-21549","GHSA-c9f5-29f6-c35w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5nz-tfpg-2fam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172568?format=json","vulnerability_id":"VCID-s5wh-d9ft-tqd1","summary":"Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41706","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60591","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41706"},{"reference_url":"https://fluidattacks.com/advisories/eminem","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://fluidattacks.com/advisories/eminem"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://github.com/spatie/browsershot/commit/92cf16fc098211731f80d21687abeafbe2c457ad","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot/commit/92cf16fc098211731f80d21687abeafbe2c457ad"},{"reference_url":"https://github.com/spatie/browsershot/","reference_id":"browsershot","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T14:49:54Z/"}],"url":"https://github.com/spatie/browsershot/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41706","reference_id":"CVE-2022-41706","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41706"},{"reference_url":"https://fluidattacks.com/advisories/eminem/","reference_id":"eminem","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T14:49:54Z/"}],"url":"https://fluidattacks.com/advisories/eminem/"},{"reference_url":"https://github.com/advisories/GHSA-8c2c-jxwj-jqgf","reference_id":"GHSA-8c2c-jxwj-jqgf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c2c-jxwj-jqgf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28059?format=json","purl":"pkg:composer/spatie/browsershot@3.57.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dyh-k3q2-47at"},{"vulnerability":"VCID-ejww-qjam-1fbf"},{"vulnerability":"VCID-qc9t-6b4q-jkek"},{"vulnerability":"VCID-s5nz-tfpg-2fam"},{"vulnerability":"VCID-svjg-s77j-5kdu"},{"vulnerability":"VCID-xaz2-fj7y-ukaw"},{"vulnerability":"VCID-yp2p-qd2k-33at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@3.57.3"}],"aliases":["CVE-2022-41706","GHSA-8c2c-jxwj-jqgf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5wh-d9ft-tqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163317?format=json","vulnerability_id":"VCID-svjg-s77j-5kdu","summary":"Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43984","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60724","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43984"},{"reference_url":"https://fluidattacks.com/advisories/malone","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://fluidattacks.com/advisories/malone"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://github.com/spatie/browsershot/commit/554c3e566fde8c47ad1ac9be47eaeb9a84c4dfe2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot/commit/554c3e566fde8c47ad1ac9be47eaeb9a84c4dfe2"},{"reference_url":"https://github.com/spatie/browsershot/commit/92cf16fc098211731f80d21687abeafbe2c457ad","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot/commit/92cf16fc098211731f80d21687abeafbe2c457ad"},{"reference_url":"https://github.com/spatie/browsershot/","reference_id":"browsershot","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T14:37:06Z/"}],"url":"https://github.com/spatie/browsershot/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43984","reference_id":"CVE-2022-43984","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43984"},{"reference_url":"https://github.com/advisories/GHSA-6q49-35h6-rq2p","reference_id":"GHSA-6q49-35h6-rq2p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q49-35h6-rq2p"},{"reference_url":"https://fluidattacks.com/advisories/malone/","reference_id":"malone","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T14:37:06Z/"}],"url":"https://fluidattacks.com/advisories/malone/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28060?format=json","purl":"pkg:composer/spatie/browsershot@3.57.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dyh-k3q2-47at"},{"vulnerability":"VCID-ejww-qjam-1fbf"},{"vulnerability":"VCID-qc9t-6b4q-jkek"},{"vulnerability":"VCID-s5nz-tfpg-2fam"},{"vulnerability":"VCID-xaz2-fj7y-ukaw"},{"vulnerability":"VCID-yp2p-qd2k-33at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@3.57.4"}],"aliases":["CVE-2022-43984","GHSA-6q49-35h6-rq2p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svjg-s77j-5kdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210258?format=json","vulnerability_id":"VCID-t365-rukg-6bdn","summary":"browsershot local file inclusion vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7790","reference_id":"","reference_type":"","scores":[{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50057","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7790"},{"reference_url":"https://github.com/spatie/browsershot/commit/8d4bcfb1ff609921007f3fc11d80fcdad35598ac","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot/commit/8d4bcfb1ff609921007f3fc11d80fcdad35598ac"},{"reference_url":"https://github.com/spatie/browsershot/issues/441%23issue-735049731","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot/issues/441%23issue-735049731"},{"reference_url":"https://github.com/spatie/browsershot/pull/440","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot/pull/440"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-1037064","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-1037064"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7790","reference_id":"CVE-2020-7790","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7790"},{"reference_url":"https://github.com/advisories/GHSA-rv74-mh27-4jpv","reference_id":"GHSA-rv74-mh27-4jpv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rv74-mh27-4jpv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22621?format=json","purl":"pkg:composer/spatie/browsershot@3.40.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dyh-k3q2-47at"},{"vulnerability":"VCID-8135-c431-8fhp"},{"vulnerability":"VCID-ejww-qjam-1fbf"},{"vulnerability":"VCID-qc9t-6b4q-jkek"},{"vulnerability":"VCID-s5nz-tfpg-2fam"},{"vulnerability":"VCID-s5wh-d9ft-tqd1"},{"vulnerability":"VCID-svjg-s77j-5kdu"},{"vulnerability":"VCID-xaz2-fj7y-ukaw"},{"vulnerability":"VCID-yp2p-qd2k-33at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@3.40.1"}],"aliases":["CVE-2020-7790","GHSA-rv74-mh27-4jpv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t365-rukg-6bdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115493?format=json","vulnerability_id":"VCID-xaz2-fj7y-ukaw","summary":"Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files.\r\r**Note:**\r\rThis is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1026","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3711","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1026"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1026","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1026"},{"reference_url":"https://gist.github.com/mrdgef/54a8783408220c67c1b859df38a52d65","reference_id":"54a8783408220c67c1b859df38a52d65","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T14:41:48Z/"}],"url":"https://gist.github.com/mrdgef/54a8783408220c67c1b859df38a52d65"},{"reference_url":"https://gist.github.com/chuajianshen/6291920112fcf1543fa7b43862112be6","reference_id":"6291920112fcf1543fa7b43862112be6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T14:41:48Z/"}],"url":"https://gist.github.com/chuajianshen/6291920112fcf1543fa7b43862112be6"},{"reference_url":"https://github.com/spatie/browsershot/pull/908","reference_id":"908","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T14:41:48Z/"}],"url":"https://github.com/spatie/browsershot/pull/908"},{"reference_url":"https://github.com/spatie/browsershot/commit/e3273974506865a24fbb5b65b534d8d4b8dfbf72","reference_id":"e3273974506865a24fbb5b65b534d8d4b8dfbf72","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T14:41:48Z/"}],"url":"https://github.com/spatie/browsershot/commit/e3273974506865a24fbb5b65b534d8d4b8dfbf72"},{"reference_url":"https://github.com/advisories/GHSA-f2q5-6mx7-q9qq","reference_id":"GHSA-f2q5-6mx7-q9qq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f2q5-6mx7-q9qq"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533024","reference_id":"SNYK-PHP-SPATIEBROWSERSHOT-8533024","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T14:41:48Z/"}],"url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377380?format=json","purl":"pkg:composer/spatie/browsershot@5.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@5.0.5"}],"aliases":["CVE-2025-1026","GHSA-f2q5-6mx7-q9qq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xaz2-fj7y-ukaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49037?format=json","vulnerability_id":"VCID-yp2p-qd2k-33at","summary":"Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\\\. An attacker could read any file on the server by exploiting the normalization of \\ into /.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21547","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21511","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21547"},{"reference_url":"https://github.com/spatie/browsershot","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spatie/browsershot"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21547","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21547"},{"reference_url":"https://gist.github.com/chuajianshen/baa71db588cfc038fb5d65624a47be81","reference_id":"baa71db588cfc038fb5d65624a47be81","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-18T14:43:29Z/"}],"url":"https://gist.github.com/chuajianshen/baa71db588cfc038fb5d65624a47be81"},{"reference_url":"https://github.com/spatie/browsershot/commit/dfc3635b83dd980e5c39f8f8c73e87723b99ca01","reference_id":"dfc3635b83dd980e5c39f8f8c73e87723b99ca01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-18T14:43:29Z/"}],"url":"https://github.com/spatie/browsershot/commit/dfc3635b83dd980e5c39f8f8c73e87723b99ca01"},{"reference_url":"https://github.com/advisories/GHSA-v528-6rq9-h6gw","reference_id":"GHSA-v528-6rq9-h6gw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v528-6rq9-h6gw"},{"reference_url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858","reference_id":"SNYK-PHP-SPATIEBROWSERSHOT-8501858","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-18T14:43:29Z/"}],"url":"https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372460?format=json","purl":"pkg:composer/spatie/browsershot@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dyh-k3q2-47at"},{"vulnerability":"VCID-qc9t-6b4q-jkek"},{"vulnerability":"VCID-s5nz-tfpg-2fam"},{"vulnerability":"VCID-xaz2-fj7y-ukaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@5.0.2"}],"aliases":["CVE-2024-21547","GHSA-v528-6rq9-h6gw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp2p-qd2k-33at"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spatie/browsershot@3.5.0"}