Homepage

symfony vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2024-36611

*
  • L
Improper Authentication

<6.4.15+dfsg-1
  • L
CVE-2024-50341

<6.4.10+dfsg-1
  • L
Improper Input Validation

<6.4.11+dfsg-1
  • L
Open Redirect

<6.4.14+dfsg-1
  • L
Arbitrary Code Injection

<6.4.14+dfsg-1
  • L
Information Exposure

<6.4.15+dfsg-1
  • M
CVE-2023-46733

<5.4.31+dfsg-1
  • M
Cross-site Scripting (XSS)

<5.4.31+dfsg-1
  • H
Improper Authorization

<5.4.20+dfsg-1
  • H
Session Fixation

<5.4.20+dfsg-1
  • M
Improper Neutralization of Formula Elements in a CSV File

<4.4.19+dfsg-3
  • M
Information Exposure

<4.4.19+dfsg-2
  • H
Improper Cross-boundary Removal of Sensitive Data

<4.4.13+dfsg-1
  • M
Information Exposure

<4.4.8-1
  • H
Incorrect Authorization

<4.4.8-1
  • M
Improper Input Validation

<4.4.8-1
  • H
Information Exposure

<4.3.8+dfsg-1
  • C
Improper Encoding or Escaping of Output

<4.3.8+dfsg-1
  • C
Arbitrary Code Injection

<4.3.8+dfsg-1
  • H
Improper Input Validation

<4.3.8+dfsg-1
  • M
Information Exposure

<4.3.8+dfsg-1
  • H
Improper Authentication

<3.4.22+dfsg-2
  • C
Cross-site Scripting (XSS)

<3.4.22+dfsg-2
  • H
Deserialization of Untrusted Data

<3.4.22+dfsg-2
  • C
SQL Injection

<3.4.22+dfsg-2
  • M
Cross-site Scripting (XSS)

<3.4.22+dfsg-2
  • M
Open Redirect

<3.4.20+dfsg-1
  • M
Unrestricted Upload of File with Dangerous Type

<3.4.20+dfsg-1
  • H
Improper Input Validation

<3.4.14+dfsg-1
  • M
CVE-2018-14773

<3.4.14+dfsg-1
  • H
Directory Traversal

<3.4.0+dfsg-1
  • M
CVE-2017-16653

<3.4.0+dfsg-1
  • M
Improper Input Validation

<3.4.0+dfsg-1
  • L
Cross-site Scripting (XSS)

<3.4.0+dfsg-1
  • L
CVE-2015-2309

<2.3.21+dfsg-4
  • L
Cross-site Scripting (XSS)

<3.4.12+dfsg-1
  • M
Open Redirect

<3.4.12+dfsg-1
  • H
Cross-site Request Forgery (CSRF)

<3.4.12+dfsg-1
  • M
Open Redirect

<3.4.0+dfsg-1
  • H
Session Fixation

<3.4.12+dfsg-1
  • C
Improper Authentication

<3.4.12+dfsg-1
  • M
Insufficient Session Expiration

<3.4.12+dfsg-1
  • C
Improper Authentication

<2.8.6+dfsg-1
  • H
Resource Management Errors

<2.8.6+dfsg-1
  • H
Cryptographic Issues

<2.7.9+dfsg-1
  • H
CVE-2015-8125

<2.7.7+dfsg-1
  • M
CVE-2015-8124

<2.7.7+dfsg-1
  • M
Arbitrary Code Injection

<2.3.21+dfsg-4
  • M
Improper Access Control

<2.7.0~beta2+dfsg-2
  • L
CVE-2008-7220

<1.0.21-1.1
  • L
CVE-2007-2383

<1.0.21-1.1