symfony vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • L
Use of Non-Canonical URL Paths for Authorization Decisions

<7.4.0~rc1+dfsg-1
  • H
Incorrect Authorization

<4.4.8-1
  • L
Arbitrary Code Injection

<6.4.14+dfsg-1
  • C
Arbitrary Code Injection

<4.3.8+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<3.4.12+dfsg-1
  • M
CVE-2017-16653

<3.4.0+dfsg-1
  • L
CVE-2024-36611

*
  • M
Cross-site Scripting (XSS)

<5.4.31+dfsg-1
  • L
CVE-2024-50341

<6.4.10+dfsg-1
  • M
Improper Neutralization of Formula Elements in a CSV File

<4.4.19+dfsg-3
  • H
Insufficient Session Expiration

<5.4.20+dfsg-1
  • M
Improper Input Validation

<3.4.0+dfsg-1
  • C
SQL Injection

<3.4.22+dfsg-2
  • L
Information Exposure

<6.4.15+dfsg-1
  • M
Open Redirect

<3.4.20+dfsg-1
  • C
Improper Authentication

<3.4.12+dfsg-1
  • M
Insufficient Session Expiration

<3.4.12+dfsg-1
  • L
CVE-2008-7220

<1.0.21-1.1
  • M
Improper Input Validation

<4.4.8-1
  • M
Open Redirect

<3.4.0+dfsg-1
  • H
Directory Traversal

<3.4.0+dfsg-1
  • M
Information Exposure

<4.3.8+dfsg-1
  • H
Improper Input Validation

<4.3.8+dfsg-1
  • L
CVE-2015-2309

<2.3.21+dfsg-4
  • H
Information Exposure

<4.3.8+dfsg-1
  • M
Information Exposure

<4.4.19+dfsg-2
  • H
Improper Authentication

<3.4.22+dfsg-2
  • H
Improper Input Validation

<3.4.14+dfsg-1
  • C
Improper Encoding or Escaping of Output

<4.3.8+dfsg-1
  • M
Unrestricted Upload of File with Dangerous Type

<3.4.20+dfsg-1
  • C
Cross-site Scripting (XSS)

<3.4.22+dfsg-2
  • M
Open Redirect

<3.4.12+dfsg-1
  • H
Cryptographic Issues

<2.7.9+dfsg-1
  • M
CVE-2015-8124

<2.7.7+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.4.0+dfsg-1
  • H
Session Fixation

<3.4.12+dfsg-1
  • M
Cross-site Scripting (XSS)

<3.4.22+dfsg-2
  • M
Information Exposure

<4.4.8-1
  • H
Resource Management Errors

<2.8.6+dfsg-1
  • L
CVE-2007-2383

<1.0.21-1.1
  • L
Improper Input Validation

<6.4.11+dfsg-1
  • H
CVE-2022-24894

<5.4.20+dfsg-1
  • L
Improper Authentication

<6.4.15+dfsg-1
  • M
Open Redirect

<6.4.14+dfsg-1
  • M
CVE-2023-46733

<5.4.31+dfsg-1
  • H
Improper Cross-boundary Removal of Sensitive Data

<4.4.13+dfsg-1
  • M
CVE-2018-14773

<3.4.14+dfsg-1
  • H
CVE-2015-8125

<2.7.7+dfsg-1
  • M
Improper Access Control

<2.7.0~beta2+dfsg-2
  • M
Arbitrary Code Injection

<2.3.21+dfsg-4
  • H
Deserialization of Untrusted Data

<3.4.22+dfsg-2
  • L
Cross-site Scripting (XSS)

<3.4.12+dfsg-1
  • C
Improper Authentication

<2.8.6+dfsg-1