[MEDIUM] Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

PKSA-2xjm-ff52-fzd5 CVE-2026-24739 GHSA-r39x-jcww-82v6

Affected version: >=8.0,<8.0.5|>=7.4,<7.4.5|>=7.3,<7.3.11|>=6.4,<6.4.33|<5.4.51

Reported by:
GitHub

[HIGH] CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass

PKSA-nqwp-2kdm-491t CVE-2025-64500 GHSA-3rg7-wf37-54rm

Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.50|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.29|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.7

Reported by:
GitHub, FriendsOfPHP/security-advisories