Homepage

symfony vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2024-36610

*
  • L
CVE-2024-36611

*
  • L
Improper Authentication

<5.4.23+dfsg-1+deb12u4
  • L
Information Exposure

<5.4.23+dfsg-1+deb12u3
  • L
Open Redirect

<5.4.23+dfsg-1+deb12u3
  • L
Improper Input Validation

<5.4.23+dfsg-1+deb12u3
  • L
Arbitrary Code Injection

<5.4.23+dfsg-1+deb12u3
  • M
Cross-site Scripting (XSS)

<5.4.23+dfsg-1+deb12u1
  • M
CVE-2023-46733

<5.4.23+dfsg-1+deb12u1
  • H
Improper Authorization

<5.4.20+dfsg-1
  • H
Session Fixation

<5.4.20+dfsg-1
  • M
Improper Neutralization of Formula Elements in a CSV File

<4.4.19+dfsg-3
  • M
Information Exposure

<4.4.19+dfsg-2
  • H
Improper Cross-boundary Removal of Sensitive Data

<4.4.13+dfsg-1
  • M
Information Exposure

<4.4.8-1
  • H
Incorrect Authorization

<4.4.8-1
  • M
Improper Input Validation

<4.4.8-1
  • H
Information Exposure

<4.3.8+dfsg-1
  • C
Improper Encoding or Escaping of Output

<4.3.8+dfsg-1
  • C
Arbitrary Code Injection

<4.3.8+dfsg-1
  • H
Improper Input Validation

<4.3.8+dfsg-1
  • M
Information Exposure

<4.3.8+dfsg-1
  • H
Improper Authentication

<3.4.22+dfsg-2
  • C
Cross-site Scripting (XSS)

<3.4.22+dfsg-2
  • H
Deserialization of Untrusted Data

<3.4.22+dfsg-2
  • C
SQL Injection

<3.4.22+dfsg-2
  • M
Cross-site Scripting (XSS)

<3.4.22+dfsg-2
  • M
Open Redirect

<3.4.20+dfsg-1
  • M
Unrestricted Upload of File with Dangerous Type

<3.4.20+dfsg-1
  • M
CVE-2018-14773

<3.4.14+dfsg-1
  • H
Improper Input Validation

<3.4.14+dfsg-1
  • H
Directory Traversal

<3.4.0+dfsg-1
  • M
CVE-2017-16653

<3.4.0+dfsg-1
  • M
Improper Input Validation

<3.4.0+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.4.0+dfsg-1
  • L
CVE-2015-2309

<2.3.21+dfsg-4
  • L
Cross-site Scripting (XSS)

<3.4.12+dfsg-1
  • H
Session Fixation

<3.4.12+dfsg-1
  • M
Open Redirect

<3.4.12+dfsg-1
  • M
Open Redirect

<3.4.0+dfsg-1
  • C
Improper Authentication

<3.4.12+dfsg-1
  • M
Insufficient Session Expiration

<3.4.12+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<3.4.12+dfsg-1
  • C
Improper Authentication

<2.8.6+dfsg-1
  • H
Cryptographic Issues

<2.7.9+dfsg-1
  • H
Resource Management Errors

<2.8.6+dfsg-1
  • H
CVE-2015-8125

<2.7.7+dfsg-1
  • M
CVE-2015-8124

<2.7.7+dfsg-1
  • M
Arbitrary Code Injection

<2.3.21+dfsg-4
  • M
Improper Access Control

<2.7.0~beta2+dfsg-2
  • L
CVE-2008-7220

<1.0.21-1.1
  • L
CVE-2007-2383

<1.0.21-1.1