See the full list of npm packages compromised in the “Node-gyp Supply Chain Compromise - June 2026” [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Arbitrary Argument InjectionCVE-2026-46626
Affects symfony/runtime | Versions >=5.4.46, <5.4.52>=6.4.14, <6.4.40>=7.1.7, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- H
XML External Entity (XXE) InjectionCVE-2026-45071
Affects symfony/dom-crawler | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- H
Improper Verification of Cryptographic SignatureCVE-2026-45069
Affects symfony/security-http | Versions >=6.3.0-BETA1, <6.4.40>=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- H
User ImpersonationCVE-2026-45074
Affects symfony/security-http | Versions >=7.1.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- M
User ImpersonationCVE-2026-45063
Affects symfony/security-http | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
Affects laravel-lang/actions | Versions >=0.0.0
Has fix
ComposerPublished 23 May 2026
Affects laravel-lang/attributes | Versions >=0.0.0
Has fix
ComposerPublished 23 May 2026
Affects laravel-lang/http-statuses | Versions >=0.0.0
Has fix
ComposerPublished 23 May 2026
Affects laravel-lang/lang | Versions >=0.0.0
Has fix
ComposerPublished 23 May 2026
- H
Incorrect Regular ExpressionCVE-2026-45065
Affects symfony/symfony | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- H
Incorrect Regular ExpressionCVE-2026-45065
Affects symfony/routing | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
Affects symfony/yaml | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
Regular Expression Denial of Service (ReDoS)CVE-2026-45305
Affects symfony/yaml | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- H
Uncontrolled RecursionCVE-2026-45133
Affects symfony/yaml | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
CRLF InjectionCVE-2026-45067
Affects symfony/mime | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
CRLF InjectionCVE-2026-45070
Affects symfony/mime | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45072
Affects symfony/symfony | Versions >=6.4.24, <6.4.40>=7.2.9, <7.4.12>=8.0.0, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45072
Affects symfony/twig-bridge | Versions >=6.4.24, <6.4.40
Has fix
ComposerPublished 22 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45072
Affects symfony/web-profiler-bundle | Versions >=7.2.9, <7.4.12>=8.0.0, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
SQL InjectionCVE-2026-45073
Affects symfony/symfony | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- M
SQL InjectionCVE-2026-45073
Affects symfony/cache | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- H
Incorrect AuthorizationCVE-2026-45075
Affects symfony/symfony | Versions >=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- H
Incorrect AuthorizationCVE-2026-45075
Affects symfony/security-http | Versions >=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- H
Incorrect AuthorizationCVE-2026-45075
Affects symfony/http-kernel | Versions >=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-46627
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- H
Incorrect AuthorizationCVE-2026-24425
Affects twig/twig | Versions >=3.9.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-46635
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-46639
Affects twig/twig | Versions >=3.24.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- C
Arbitrary Code InjectionCVE-2026-46640
Affects twig/twig | Versions >=3.15.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- C
Arbitrary Code InjectionCVE-2026-46633
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026