symfony/symfony vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2018-19789Mediumsymfony/symfony: Symfony Path DisclosureCVE-2017-16653Mediumsymfony/security-csrf: Symfony CSRF VulnerabilityCVE-2018-14773Mediumsymfony/http-foundation: Symfony HTTP Foundation web cache poisoningCVE-2013-4752Mediumsymfony/symfony: Symfony Host Header Injection vulnerability in the HttpFoundation componentCVE-2013-4751Highsymfony/validator: Symfony collectionCascaded and collectionCascadedDeeply fields security bypassCVE-2019-18887Highsymfony/http-kernel: Symfony Http-Kernel has non-constant time comparison in UriSignerCVE-2021-41270Mediumsymfony/serializer: CSV Injection in symfony/serializerCVE-2021-41268Mediumsymfony/security-bundle: Cookie persistence after password changes in symfony/security-bundleCVE-2021-41267Mediumsymfony/http-kernel: Webcache Poisoning in symfony/http-kernelCVE-2021-32693Mediumsymfony/security-http: Authentication granted to all firewalls instead of just oneGHSA-G2QJ-PMXM-9F8FLowsymfony/security-http: User enumeration in authentication mechanismsCVE-2021-21424Mediumsymfony/security: Prevent user enumeration using Guard or the new Authenticator-based SecurityCVE-2020-15094Highsymfony/http-kernel: RCE in SymfonyCVE-2020-5275Highsymfony/security: Firewall configured with unanimous strategy was not actually unanimous in SymfonyCVE-2020-5274Mediumsymfony/error-handler: Exceptions displayed in non-debug configurations in SymfonyCVE-2020-5255Lowsymfony/http-foundation: Prevent cache poisoning via a Response Content-Type header in SymfonyCVE-2019-10911Highsymfony/security-http: Improper authentication in SymfonyCVE-2019-10912Highsymfony/cache: Deserialization of untrusted data in SymfonyCVE-2019-11325Criticalsymfony/symfony: Improper Input Validation in SymfonyCVE-2019-10913Criticalsymfony/http-foundation: Invalid HTTP method overrides allow possible XSS or other attacks in SymfonyCVE-2019-18886Mediumsymfony/security-http: User enumeration leak using switch user functionality in SymfonyCVE-2019-18888Highsymfony/http-foundation: Argument injection in a MimeTypeGuesser in SymfonyCVE-2019-18889Criticalsymfony/cache: Symfony Unsafe Cache Serialization Could Enable RCECVE-2019-10910Criticalsymfony/dependency-injection: Symfony Service IDs Allow InjectionCVE-2019-10909Mediumsymfony/framework-bundle: Symfony Cross-site Scripting (XSS) vulnerability

Stop the waste.
Protect your environment with Kodem.