Homepage

symfony vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Use of Non-Canonical URL Paths for Authorization Decisions

*
  • L
CVE-2024-36611

*
  • M
Open Redirect

<4.4.19+dfsg-2+deb11u7
  • L
Improper Input Validation

<4.4.19+dfsg-2+deb11u7
  • M
Cross-site Scripting (XSS)

<4.4.19+dfsg-2+deb11u4
  • H
CVE-2022-24894

<4.4.19+dfsg-2+deb11u2
  • H
Insufficient Session Expiration

<4.4.19+dfsg-2+deb11u2
  • M
Improper Neutralization of Formula Elements in a CSV File

<4.4.19+dfsg-2+deb11u1
  • M
Information Exposure

<4.4.19+dfsg-2
  • H
Improper Cross-boundary Removal of Sensitive Data

<4.4.13+dfsg-1
  • M
Information Exposure

<4.4.8-1
  • H
Incorrect Authorization

<4.4.8-1
  • M
Improper Input Validation

<4.4.8-1
  • H
Information Exposure

<4.3.8+dfsg-1
  • C
Improper Encoding or Escaping of Output

<4.3.8+dfsg-1
  • C
Arbitrary Code Injection

<4.3.8+dfsg-1
  • H
Improper Input Validation

<4.3.8+dfsg-1
  • M
Information Exposure

<4.3.8+dfsg-1
  • H
Improper Authentication

<3.4.22+dfsg-2
  • C
Cross-site Scripting (XSS)

<3.4.22+dfsg-2
  • H
Deserialization of Untrusted Data

<3.4.22+dfsg-2
  • C
SQL Injection

<3.4.22+dfsg-2
  • M
Cross-site Scripting (XSS)

<3.4.22+dfsg-2
  • M
Open Redirect

<3.4.20+dfsg-1
  • M
Unrestricted Upload of File with Dangerous Type

<3.4.20+dfsg-1
  • H
Improper Input Validation

<3.4.14+dfsg-1
  • M
CVE-2018-14773

<3.4.14+dfsg-1
  • H
Directory Traversal

<3.4.0+dfsg-1
  • M
CVE-2017-16653

<3.4.0+dfsg-1
  • M
Improper Input Validation

<3.4.0+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.4.0+dfsg-1
  • L
CVE-2015-2309

<2.3.21+dfsg-4
  • L
Cross-site Scripting (XSS)

<3.4.12+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<3.4.12+dfsg-1
  • M
Insufficient Session Expiration

<3.4.12+dfsg-1
  • M
Open Redirect

<3.4.12+dfsg-1
  • C
Improper Authentication

<3.4.12+dfsg-1
  • M
Open Redirect

<3.4.0+dfsg-1
  • H
Session Fixation

<3.4.12+dfsg-1
  • C
Improper Authentication

<2.8.6+dfsg-1
  • H
Cryptographic Issues

<2.7.9+dfsg-1
  • H
Resource Management Errors

<2.8.6+dfsg-1
  • H
CVE-2015-8125

<2.7.7+dfsg-1
  • M
CVE-2015-8124

<2.7.7+dfsg-1
  • M
Arbitrary Code Injection

<2.3.21+dfsg-4
  • M
Improper Access Control

<2.7.0~beta2+dfsg-2
  • L
CVE-2008-7220

<1.0.21-1.1
  • L
CVE-2007-2383

<1.0.21-1.1