Browse Security Advisories
Security Advisories for https://github.com/symfony/symfony in packagist Clear Filters
High
9 months ago
Symfony has an Authentication Bypass via RememberMe
packagist
symfony/security-http
High
9 months ago
Symfony vulnerable to command execution hijack on Windows with Process class
packagist
symfony/symfony, symfony/process
Low
9 months ago
Symfony vulnerable to open redirect via browser-sanitized URLs
packagist
symfony/http-foundation
Low
9 months ago
Symfony has an incorrect response from Validator when input ends with `\n`
packagist
symfony/validator, symfony/symfony
Low
9 months ago
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
packagist
symfony/symfony, symfony/http-client
Low
9 months ago
Symfony's `Security::login` does not take into account custom `user_checker`
packagist
symfony/symfony, symfony/security-bundle
Moderate
9 months ago
Symfony allows changing the environment through a query
packagist
symfony/symfony, symfony/runtime
High
about 1 year ago
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
packagist
symfony/web-profiler-bundle, symfony/symfony
Critical
about 1 year ago
Symfony XML decoding attack vector through external entities
packagist
symfony/symfony
Moderate
about 1 year ago
Symfony may allow a user to switch to using another user's identity
packagist
symfony/symfony
High
about 1 year ago
Symfony allows direct access of ESI URLs behind a trusted proxy
packagist
symfony/symfony, symfony/http-kernel
Moderate
about 1 year ago
Symfony has unsafe methods in the Request class
packagist
symfony/symfony, symfony/http-foundation
Moderate
about 1 year ago
Symfony has a security issue when parsing the Authorization header
packagist
symfony/symfony, symfony/http-foundation
High
about 1 year ago
Symfony vulnerable to denial of service via a malicious HTTP Host header
packagist
symfony/symfony, symfony/http-foundation
High
about 1 year ago
Code injection in the way Symfony implements translation caching in FrameworkBundle
packagist
symfony/symfony, symfony/framework-bundle
Moderate
over 1 year ago
Symfony potential Cross-site Scripting in WebhookController
packagist
symfony/symfony, symfony/webhook
Moderate
over 1 year ago
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
packagist
symfony/symfony, symfony/twig-bridge
Moderate
over 1 year ago
Symfony possible session fixation vulnerability
packagist
symfony/symfony, symfony/security-http
Moderate
over 2 years ago
Symfony storing cookie headers in HttpCache
packagist
symfony/symfony, symfony/http-kernel
Moderate
over 2 years ago
Symfony vulnerable to Session Fixation of CSRF tokens
packagist
symfony/symfony, symfony/security-bundle
Critical
about 3 years ago
Symfony Incorrect Access Control
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
about 3 years ago
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
packagist
symfony/symfony, symfony/security, symfony/routing, symfony/http-foundation
Moderate
about 3 years ago
Symfony Denial of Service Via Long Password Hashing
packagist
symfony/security, symfony/polyfill, symfony/symfony
High
about 3 years ago
Symphony Denial of Service Via Overlong Usernames
packagist
symfony/symfony, symfony/security, symfony/security-http
High
about 3 years ago
Symfony Cryptographic Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
about 3 years ago
Symfony Vulnerable to PHP Eval Injection
packagist
symfony/http-kernel, symfony/symfony
High
about 3 years ago
Symfony Vulnerable to Timing Attack
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/form
High
about 3 years ago
Symphony Vulnerable to PHP Code Injection via YAML Parsing
packagist
symfony/yaml, symfony/symfony
Critical
about 3 years ago
Symfony Authentication Bypass
packagist
symfony/symfony, symfony/security, symfony/security-core
Low
about 3 years ago
Symfony Session Fixation Vulnerability
packagist
symfony/security, symfony/security-http, symfony/symfony
Moderate
about 3 years ago
Symfony SSRF Vulnerability via Form Component
packagist
symfony/symfony, symfony/form
High
about 3 years ago
Symfony Session Fixation Vulnerability
packagist
symfony/security, symfony/security-http, symfony/symfony
High
about 3 years ago
Symfony CSRF Token Fixation
packagist
symfony/security, symfony/security-http, symfony/security-bundle, symfony/symfony
Moderate
about 3 years ago
Symfony Open Redirect
packagist
symfony/symfony, symfony/security, symfony/security-http
Moderate
about 3 years ago
Symfony CSRF Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-csrf
Moderate
about 3 years ago
Symfony HTTP Foundation web cache poisoning
packagist
symfony/symfony, symfony/http-foundation
High
over 3 years ago
Symfony Http-Kernel has non-constant time comparison in UriSigner
packagist
symfony/symfony, symfony/http-kernel
Moderate
over 3 years ago
CSV Injection in symfony/serializer
packagist
symfony/symfony, symfony/serializer
Moderate
over 3 years ago
Cookie persistence after password changes in symfony/security-bundle
packagist
symfony/symfony, symfony/security-bundle
Moderate
over 3 years ago
Webcache Poisoning in symfony/http-kernel
packagist
symfony/symfony, symfony/http-kernel
Moderate
about 4 years ago
Authentication granted to all firewalls instead of just one
packagist
symfony/symfony, symfony/security-http
Low
about 4 years ago
User enumeration in authentication mechanisms
packagist
symfony/symfony, symfony/security-http
Moderate
about 4 years ago
Prevent user enumeration using Guard or the new Authenticator-based Security
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
High
over 5 years ago
Firewall configured with unanimous strategy was not actually unanimous in Symfony
packagist
symfony/symfony, symfony/security-http, symfony/security
Moderate
over 5 years ago
Exceptions displayed in non-debug configurations in Symfony
packagist
symfony/symfony, symfony/error-handler
Low
over 5 years ago
Prevent cache poisoning via a Response Content-Type header in Symfony
packagist
symfony/symfony, symfony/http-foundation
High
over 5 years ago
Improper authentication in Symfony
packagist
symfony/symfony, symfony/security, symfony/security-http
High
over 5 years ago
Deserialization of untrusted data in Symfony
packagist
typo3/cms, typo3/cms-core, symfony/symfony, symfony/phpunit-bridge, symfony/cache
Critical
over 5 years ago
Improper Input Validation in Symfony
packagist
symfony/var-exporter, symfony/symfony
Critical
over 5 years ago
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
packagist
symfony/symfony, symfony/http-foundation
Moderate
over 5 years ago
User enumeration leak using switch user functionality in Symfony
packagist
symfony/symfony, symfony/security-http
High
over 5 years ago
Argument injection in a MimeTypeGuesser in Symfony
packagist
symfony/symfony, symfony/mime, symfony/http-foundation
Critical
over 5 years ago
Symfony Unsafe Cache Serialization Could Enable RCE
packagist
symfony/symfony, symfony/cache
Critical
over 5 years ago
Symfony Service IDs Allow Injection
packagist
symfony/symfony, symfony/proxy-manager-bridge, symfony/dependency-injection
Moderate
over 5 years ago
Symfony Cross-site Scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Filter by Severity
Filter by Ecosystem
maven
6,716
packagist
5,368
pypi
4,854
npm
4,207
go
2,843
nuget
1,702
cargo
1,072
rubygems
927
hex
37
swift
35
actions
32
pub
10
Filter by Package
moodle/moodle
418
magento/community-edition
300
typo3/cms
190
pimcore/pimcore
120
dolibarr/dolibarr
116
typo3/cms-core
111
phpmyadmin/phpmyadmin
107
drupal/core
103
microweber/microweber
103
magento/project-community-edition
100
silverstripe/framework
92
drupal/drupal
83
librenms/librenms
82
thorsten/phpmyfaq
73
symfony/symfony
69
concrete5/concrete5
67
shopware/platform
58
craftcms/cms
52
baserproject/basercms
47
shopware/core
45
mautic/core
44
nilsteampassnet/teampass
42
showdoc/showdoc
41
mantisbt/mantisbt
41
froxlor/froxlor
40
intelliants/subrion
39
snipe/snipe-it
36
zendframework/zendframework1
34
getgrav/grav
30
shopware/shopware
30
mediawiki/core
28
centreon/centreon
27
prestashop/prestashop
26
contao/core-bundle
25
getkirby/cms
24
magento/core
24
pocketmine/pocketmine-mp
24
grumpydictator/firefly-iii
23
zendframework/zendframework
23
phpoffice/phpexcel
23
simplesamlphp/simplesamlphp
23
laravel/framework
23
remdex/livehelperchat
23
tribalsystems/zenario
22
phpoffice/phpspreadsheet
21
funadmin/funadmin
20
cockpit-hq/cockpit
20
topthink/framework
19
contao/contao
18
forkcms/forkcms
18
genix/cms
18
ezsystems/ezpublish-kernel
17
openmage/magento-lts
17
cakephp/cakephp
17
opencart/opencart
17
typo3/cms-backend
17
francoisjacquet/rosariosis
17
symfony/security
17
yetiforce/yetiforce-crm
17
october/system
16
phpbb/phpbb
16
smarty/smarty
15
bolt/bolt
15
symfony/security-http
15
pimcore/admin-ui-classic-bundle
15
silverstripe/cms
15
ec-cube/ec-cube
15
dompdf/dompdf
14
codeigniter4/framework
14
feehi/cms
14
phpmailer/phpmailer
14
modx/revolution
14
phpmyfaq/phpmyfaq
13
studio-42/elfinder
13
lavalite/cms
13
elefant/cms
13
sylius/sylius
13
admidio/admidio
13
impresscms/impresscms
13
yeswiki/yeswiki
13
wwbn/avideo
12
alextselegidis/easyappointments
12
wallabag/wallabag
12
symfony/http-foundation
12
nukeviet/nukeviet
11
tinymce
11
leantime/leantime
11
october/october
11
ezsystems/ezplatform-kernel
11
TinyMCE
11
yiisoft/yii2
11
tinymce/tinymce
11
feehi/feehicms
11
sulu/sulu
11
pagekit/pagekit
11
spatie/browsershot
10
ezsystems/ezpublish-legacy
10
ssddanbrown/bookstack
10
pterodactyl/panel
9
in2code/femanager
9
kevinpapst/kimai2
9
billz/raspap-webgui
9
statamic/cms
9
ezsystems/ezplatform-admin-ui
9
pimcore/customer-management-framework-bundle
9
bootstrap
9
in2code/powermail
9
concrete5/core
9
twig/twig
9
bootstrap
9
contao/core
9
bootstrap
9
twbs/bootstrap
9
org.webjars:bootstrap
9
croogo/croogo
9
composer/composer
8
gilacms/gila
8
directmailteam/direct-mail
8
silverstripe/admin
8
october/cms
8
flarum/core
8
joomla/joomla-cms
8
starcitizentools/citizen-skin
8
silverstripe/graphql
8
codiad/codiad
8
tecnickcom/tcpdf
8
facturascripts/facturascripts
8
backdrop/backdrop
7
simplesamlphp/saml2
7
october/backend
7
bootstrap-sass
7
wpglobus/wpglobus
7
passbolt/passbolt_api
7
symfony/http-kernel
7
shopxo/shopxo
7
redaxo/source
7
yiisoft/yii2-dev
7
bootstrap.sass
7
api-platform/core
6
drupal/core-recommended
6
bootstrap-sass
6
pear/archive_tar
6
yourls/yourls
6
adodb/adodb-php
6
icecoder/icecoder
6
bagisto/bagisto
6
oro/platform
6
zoujingli/thinkadmin
6
phpseclib/phpseclib
6
vrana/adminer
6
nystudio107/craft-seomatic
6
gleez/cms
6
dweeves/magmi
6
guzzlehttp/guzzle
6
typo3/cms-install
6
woocommerce/woocommerce
5
juzaweb/cms
5
phpservermon/phpservermon
5
neos/neos
5
gugoan/economizzer
5
ibexa/core
5
elgg/elgg
5
kimai/kimai
5
bottelet/flarepoint
5
mautic/core-lib
5
thinkcmf/thinkcmf
5
limesurvey/limesurvey
5
phpxmlrpc/phpxmlrpc
5
typo3/flow
5
illuminate/database
5
anchorcms/anchor-cms
5
cachethq/cachet
5
silverstripe/assets
5
symfony/security-core
5
ibexa/admin-ui
5
symfony/security-bundle
5
tcg/voyager
5
neos/flow
5
getformwork/formwork
5
typo3/html-sanitizer
4
codeigniter/framework
4
pyrocms/pyrocms
4
sylius/resource-bundle
4
idno/known
4
codeigniter4/shield
4
typo3/cms-frontend
4
automad/automad
4
drupal/ai
4
ezyang/htmlpurifier
4
wintercms/winter
4
dcat/laravel-admin
4
livewire/livewire
4
bref/bref
4
reportico-web/reportico
4
friendsofsymfony/user-bundle
4
ckeditor4
4
evolutioncms/evolution
4
froala/wysiwyg-editor
4
zendframework/zendopenid
4
typo3/cms-form
4
Filter by Repository
https://github.com/moodle/moodle
243
https://github.com/pimcore/pimcore
116
https://github.com/TYPO3/typo3
94
https://github.com/microweber/microweber
90
https://github.com/librenms/librenms
73
https://github.com/thorsten/phpmyfaq
69
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/concretecms/concretecms
44
https://github.com/shopware/platform
43
https://github.com/mautic/mautic
42
https://github.com/craftcms/cms
40
https://github.com/star7th/showdoc
39
https://github.com/magento/magento2
38
https://github.com/mantisbt/mantisbt
38
https://github.com/octobercms/october
36
https://github.com/shopware/shopware
34
https://github.com/snipe/snipe-it
30
https://github.com/baserproject/basercms
26
https://github.com/contao/contao
26
https://github.com/froxlor/froxlor
26
https://github.com/pmmp/PocketMine-MP
24
https://github.com/getgrav/grav
24
https://github.com/livehelperchat/livehelperchat
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/PrestaShop/PrestaShop
22
https://github.com/getkirby/kirby
22
https://github.com/laravel/framework
21
https://github.com/PHPOffice/PhpSpreadsheet
21
https://github.com/simplesamlphp/simplesamlphp
20
https://github.com/funadmin/funadmin
20
https://github.com/nilsteampassnet/teampass
19
https://github.com/intelliants/subrion
18
https://github.com/OpenMage/magento-lts
17
https://github.com/liufee/cms
17
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/TYPO3-CMS/core
16
https://github.com/forkcms/forkcms
16
https://github.com/drupal/core
15
https://github.com/zendframework/zendframework
15
https://github.com/PHPMailer/PHPMailer
15
https://github.com/centreon/centreon
15
https://github.com/dompdf/dompdf
15
https://github.com/cockpit-hq/cockpit
14
https://github.com/thorsten/phpMyFAQ
14
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/YesWiki/yeswiki
12
https://github.com/centreon/centreon-archived
12
https://github.com/codeigniter4/CodeIgniter4
12
https://github.com/modxcms/revolution
12
https://sourceforge.net/projects/phpmyadmin.sourceforge.net
12
https://github.com/yiisoft/yii2
12
https://github.com/smarty-php/smarty
12
https://github.com/WWBN/AVideo
11
https://github.com/Leantime/leantime
11
https://github.com/sulu/sulu
11
https://github.com/ezsystems/ezpublish-kernel
11
https://github.com/Sylius/Sylius
11
https://github.com/top-think/framework
11
https://github.com/cakephp/cakephp
11
https://github.com/Studio-42/elFinder
11
https://github.com/tinymce/tinymce
11
https://github.com/dolibarr/dolibarr
11
https://github.com/opencart/opencart
10
https://github.com/semplon/GeniXCMS
10
https://github.com/bolt/bolt
10
https://github.com/wallabag/wallabag
10
https://github.com/kevinpapst/kimai2
9
https://github.com/neorazorx/facturascripts
9
https://github.com/pterodactyl/panel
9
https://github.com/alextselegidis/easyappointments
9
https://github.com/LavaLite/cms
9
https://github.com/spatie/browsershot
9
https://github.com/statamic/cms
8
https://github.com/pimcore/customer-data-framework
8
https://github.com/Froxlor/Froxlor
8
https://github.com/francoisjacquet/rosariosis
8
https://github.com/RaspAP/raspap-webgui
8
https://github.com/twigphp/Twig
8
https://github.com/StarCitizenTools/mediawiki-skins-Citizen
8
https://github.com/croogo/croogo
8
https://github.com/flarum/framework
8
https://github.com/TribalSystems/Zenario
8
https://github.com/GilaCMS/gila
8
https://github.com/tecnickcom/TCPDF
8
https://github.com/admidio/admidio
8
https://github.com/wintercms/winter
7
https://github.com/composer/composer
7
https://github.com/twbs/bootstrap
7
https://github.com/ezsystems/ezplatform-admin-ui
7
https://github.com/passbolt/passbolt_api
7
https://github.com/Codiad/Codiad
7
https://github.com/ezsystems/ezplatform-kernel
7
https://github.com/pagekit/pagekit
7
https://github.com/d4wner/Vulnerabilities-Report
7
https://github.com/guzzle/guzzle
6
https://github.com/vrana/adminer
6
https://github.com/ADOdb/ADOdb
6
https://github.com/nystudio107/craft-seomatic
6
https://github.com/gleez/cms
6
https://github.com/api-platform/core
6
https://github.com/silverstripe/silverstripe-graphql
6
https://gitlab.com/francoisjacquet/rosariosis
6
https://github.com/ImpressCMS/impresscms
6
https://github.com/LimeSurvey/LimeSurvey
6
https://github.com/oroinc/orocommerce
6
https://github.com/bookstackapp/bookstack
6
https://github.com/ezsystems/ezpublish-legacy
6
https://github.com/phpseclib/phpseclib
6
https://github.com/zendframework/zf1
5
https://github.com/jbroadway/elefant
5
https://github.com/pear/Archive_Tar
5
https://github.com/thinkcmf/thinkcmf
5
https://github.com/contao/core
5
https://github.com/shopware5/shopware
5
https://github.com/nukeviet/nukeviet
5
https://github.com/auth0/auth0-PHP
5
https://github.com/Admidio/admidio
5
https://github.com/getformwork/formwork
5
https://github.com/backdrop/backdrop
5
https://github.com/gggeek/phpxmlrpc
5
https://github.com/ibexa/core
5
https://github.com/oroinc/platform
5
https://github.com/Bottelet/DaybydayCRM
5
https://github.com/dub-flow/vulnerability-research
5
https://github.com/in2code-de/femanager
5
https://github.com/codeigniter4/shield
4
https://github.com/crater-invoice/crater
4
https://github.com/zoujingli/ThinkAdmin
4
https://github.com/froxlor/Froxlor
4
https://github.com/yourls/yourls
4
https://github.com/ckeditor/ckeditor4
4
https://github.com/hieuminhnv/Zenario-CMS-last-version
4
https://github.com/appwrite/appwrite
4
https://github.com/reportico-web/reportico
4
https://github.com/phpservermon/phpservermon
4
https://github.com/pixelfed/pixelfed
4
https://github.com/brefphp/bref
4
https://github.com/TYPO3/html-sanitizer
4
https://github.com/progprnv/CVE-Reports
4
https://github.com/Cockpit-HQ/Cockpit
4
https://github.com/silverstripe/silverstripe-admin
4
https://github.com/in2code-de/powermail
4
https://github.com/BookStackApp/BookStack
4
https://github.com/oroinc/crm
4
https://github.com/ezsystems/ezplatform
4
https://github.com/livewire/livewire
4
https://github.com/ibexa/admin-ui
4
https://github.com/bagisto/bagisto
4
https://github.com/haxtheweb/issues
4
https://github.com/Sylius/SyliusResourceBundle
4
https://github.com/fiveai/Cachet
4
https://github.com/kimai/kimai
4
https://github.com/ezsystems/ezplatform-richtext
4
https://github.com/Cyber-Wo0dy/report
3
https://github.com/artesaos/seotools
3
https://github.com/phpbb/phpbb
3
https://github.com/guzzle/psr7
3
https://github.com/alexbsec/CVEs
3
https://github.com/darylldoyle/svg-sanitizer
3
https://github.com/liufee/feehicms
3
https://github.com/aimeos/ai-admin-graphql
3
https://github.com/verbb/comments
3
https://github.com/PrestaShop/productcomments
3
https://github.com/verbb/formie
3
https://github.com/woocommerce/woocommerce
3
https://github.com/thephpleague/commonmark
3
https://github.com/elgg/elgg
3
https://github.com/flarum/core
3
https://github.com/yiisoft/yii
3
https://github.com/TYPO3-Solr/ext-solr
3
https://github.com/PrivateBin/PrivateBin
3
https://github.com/dd3x3r/enhavo
3
https://github.com/jquery/jquery
3
https://github.com/Athlon1600/php-proxy-app
3
https://github.com/orchidsoftware/platform
3
https://github.com/phpbb/phpbb-app
3
https://github.com/github/advisory-database
3
https://github.com/qcubed/qcubed
3
https://github.com/ezsystems/ezplatform-http-cache
3
https://github.com/thedevdojo/voyager
3
https://github.com/belong2yourself/vulnerabilities
3
https://github.com/simplesamlphp/saml2
3
https://github.com/notrinos/notrinoserp
3
https://github.com/idno/known
3
https://github.com/Rudloff/alltube
3
https://github.com/quickapps/cms
3
https://github.com/wikimedia/mediawiki
3
https://github.com/concrete5/concrete5
3
https://github.com/opensource-workshop/connect-cms
3
https://github.com/UniSharp/laravel-filemanager
3
https://github.com/FriendsOfSymfony/FOSUserBundle
3
https://github.com/Sylius/PayPalPlugin
3
https://github.com/joomla/joomla-cms
3
https://github.com/facade/ignition
3