Browse Security Advisories
Security Advisories for symfony/symfony Clear Filters
High
9 months ago
Symfony vulnerable to command execution hijack on Windows with Process class
packagist
symfony/symfony, symfony/process
Low
9 months ago
Symfony has an incorrect response from Validator when input ends with `\n`
packagist
symfony/validator, symfony/symfony
Low
9 months ago
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
packagist
symfony/symfony, symfony/http-client
Low
9 months ago
Symfony's `Security::login` does not take into account custom `user_checker`
packagist
symfony/symfony, symfony/security-bundle
Moderate
9 months ago
Symfony allows changing the environment through a query
packagist
symfony/symfony, symfony/runtime
High
about 1 year ago
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
packagist
symfony/web-profiler-bundle, symfony/symfony
Critical
about 1 year ago
Symfony XML decoding attack vector through external entities
packagist
symfony/symfony
Moderate
about 1 year ago
Symfony may allow a user to switch to using another user's identity
packagist
symfony/symfony
High
about 1 year ago
Symfony allows direct access of ESI URLs behind a trusted proxy
packagist
symfony/symfony, symfony/http-kernel
Moderate
about 1 year ago
Symfony has unsafe methods in the Request class
packagist
symfony/symfony, symfony/http-foundation
Moderate
about 1 year ago
Symfony has a security issue when parsing the Authorization header
packagist
symfony/symfony, symfony/http-foundation
High
about 1 year ago
Symfony vulnerable to denial of service via a malicious HTTP Host header
packagist
symfony/symfony, symfony/http-foundation
Moderate
about 1 year ago
Symfony2 security issue when the trust proxy mode is enabled
packagist
symfony/symfony, symfony/http-foundation
High
about 1 year ago
Code injection in the way Symfony implements translation caching in FrameworkBundle
packagist
symfony/symfony, symfony/framework-bundle
Moderate
over 1 year ago
Symfony potential Cross-site Scripting in WebhookController
packagist
symfony/symfony, symfony/webhook
Moderate
over 1 year ago
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
packagist
symfony/symfony, symfony/twig-bridge
Moderate
over 1 year ago
Symfony possible session fixation vulnerability
packagist
symfony/symfony, symfony/security-http
Moderate
over 2 years ago
Symfony storing cookie headers in HttpCache
packagist
symfony/symfony, symfony/http-kernel
Moderate
over 2 years ago
Symfony vulnerable to Session Fixation of CSRF tokens
packagist
symfony/symfony, symfony/security-bundle
Critical
about 3 years ago
Symfony Incorrect Access Control
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
about 3 years ago
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
packagist
symfony/symfony, symfony/security, symfony/routing, symfony/http-foundation
Moderate
about 3 years ago
Symfony Denial of Service Via Long Password Hashing
packagist
symfony/security, symfony/polyfill, symfony/symfony
High
about 3 years ago
Symfony Cryptographic Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-core
High
about 3 years ago
Symphony Denial of Service Via Overlong Usernames
packagist
symfony/symfony, symfony/security, symfony/security-http
Moderate
about 3 years ago
Symfony Vulnerable to PHP Eval Injection
packagist
symfony/http-kernel, symfony/symfony
High
about 3 years ago
Symfony Vulnerable to Timing Attack
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/form
Moderate
about 3 years ago
Symfony Incorrect Access Control
packagist
symfony/http-kernel, symfony/symfony
High
about 3 years ago
Symphony Vulnerable to PHP Code Injection via YAML Parsing
packagist
symfony/yaml, symfony/symfony
Critical
about 3 years ago
Symfony Authentication Bypass
packagist
symfony/symfony, symfony/security, symfony/security-core
Critical
about 3 years ago
Symfony Authentication Bypass
packagist
symfony/symfony, symfony/security, symfony/security-core
Low
about 3 years ago
Symfony Session Fixation Vulnerability
packagist
symfony/security, symfony/security-http, symfony/symfony
Moderate
about 3 years ago
Symfony SSRF Vulnerability via Form Component
packagist
symfony/symfony, symfony/form
High
about 3 years ago
Symfony Session Fixation Vulnerability
packagist
symfony/security, symfony/security-http, symfony/symfony
Moderate
about 3 years ago
Symfony Open Redirect
packagist
symfony/security, symfony/security-http, symfony/symfony
High
about 3 years ago
Symfony CSRF Token Fixation
packagist
symfony/security, symfony/security-http, symfony/security-bundle, symfony/symfony
Moderate
about 3 years ago
Symfony Open Redirect
packagist
symfony/symfony, symfony/security, symfony/security-http
Moderate
about 3 years ago
Symfony CSRF Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-csrf
Moderate
about 3 years ago
Symfony HTTP Foundation web cache poisoning
packagist
symfony/symfony, symfony/http-foundation
Moderate
about 3 years ago
Symfony Host Header Injection vulnerability in the HttpFoundation component
packagist
symfony/http-foundation, symfony/symfony
High
about 3 years ago
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
packagist
symfony/symfony, symfony/validator
High
over 3 years ago
Symfony Http-Kernel has non-constant time comparison in UriSigner
packagist
symfony/symfony, symfony/http-kernel
Moderate
over 3 years ago
CSV Injection in symfony/serializer
packagist
symfony/symfony, symfony/serializer
Moderate
over 3 years ago
Cookie persistence after password changes in symfony/security-bundle
packagist
symfony/symfony, symfony/security-bundle
Moderate
over 3 years ago
Webcache Poisoning in symfony/http-kernel
packagist
symfony/symfony, symfony/http-kernel
Moderate
about 4 years ago
Authentication granted to all firewalls instead of just one
packagist
symfony/symfony, symfony/security-http
Low
about 4 years ago
User enumeration in authentication mechanisms
packagist
symfony/symfony, symfony/security-http
Moderate
about 4 years ago
Prevent user enumeration using Guard or the new Authenticator-based Security
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
High
over 5 years ago
Firewall configured with unanimous strategy was not actually unanimous in Symfony
packagist
symfony/symfony, symfony/security-http, symfony/security
Moderate
over 5 years ago
Exceptions displayed in non-debug configurations in Symfony
packagist
symfony/symfony, symfony/error-handler
Low
over 5 years ago
Prevent cache poisoning via a Response Content-Type header in Symfony
packagist
symfony/symfony, symfony/http-foundation
High
over 5 years ago
Improper authentication in Symfony
packagist
symfony/symfony, symfony/security, symfony/security-http
High
over 5 years ago
Deserialization of untrusted data in Symfony
packagist
typo3/cms, typo3/cms-core, symfony/symfony, symfony/phpunit-bridge, symfony/cache
Critical
over 5 years ago
Improper Input Validation in Symfony
packagist
symfony/var-exporter, symfony/symfony
Critical
over 5 years ago
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
packagist
symfony/symfony, symfony/http-foundation
Moderate
over 5 years ago
User enumeration leak using switch user functionality in Symfony
packagist
symfony/symfony, symfony/security-http
High
over 5 years ago
Argument injection in a MimeTypeGuesser in Symfony
packagist
symfony/symfony, symfony/mime, symfony/http-foundation
Critical
over 5 years ago
Symfony Unsafe Cache Serialization Could Enable RCE
packagist
symfony/symfony, symfony/cache
Critical
over 5 years ago
Symfony Service IDs Allow Injection
packagist
symfony/symfony, symfony/proxy-manager-bridge, symfony/dependency-injection
Moderate
over 5 years ago
Symfony Cross-site Scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Filter by Severity
Filter by Ecosystem
maven
6,666
packagist
5,357
pypi
4,846
npm
4,195
go
2,803
nuget
1,702
cargo
1,067
rubygems
919
hex
37
swift
35
actions
32
pub
10
Filter by Package
tensorflow
433
tensorflow-gpu
427
tensorflow-cpu
423
moodle/moodle
418
magento/community-edition
300
Microsoft.ChakraCore
247
org.jenkins-ci.main:jenkins-core
239
typo3/cms
190
org.apache.tomcat:tomcat
138
pimcore/pimcore
120
dolibarr/dolibarr
116
github.com/mattermost/mattermost/server/v8
115
typo3/cms-core
111
com.liferay.portal:release.portal.bom
110
Django
107
phpmyadmin/phpmyadmin
107
com.liferay.portal:release.dxp.bom
105
drupal/core
103
magento/project-community-edition
100
microweber/microweber
99
silverstripe/framework
92
apache-airflow
85
drupal/drupal
83
librenms/librenms
82
thorsten/phpmyfaq
73
Plone
72
com.fasterxml.jackson.core:jackson-databind
69
symfony/symfony
69
github.com/usememos/memos
66
salt
65
concrete5/concrete5
65
ansible
63
actionpack
61
shopware/platform
57
org.apache.struts:struts2-core
57
apache-superset
57
github.com/grafana/grafana
56
mlflow
53
craftcms/cms
51
org.keycloak:keycloak-core
50
nova
48
baserproject/basercms
47
nokogiri
46
django
46
org.apache.tomcat.embed:tomcat-embed-core
46
shopware/core
45
github.com/rancher/rancher
44
vyper
44
gradio
44
mautic/core
44
rdiffweb
42
matrix-synapse
42
nilsteampassnet/teampass
42
plone
41
org.elasticsearch:elasticsearch
41
showdoc/showdoc
41
k8s.io/kubernetes
41
org.xwiki.platform:xwiki-platform-oldcore
41
mantisbt/mantisbt
41
org.keycloak:keycloak-services
41
github.com/hashicorp/vault
40
froxlor/froxlor
40
github.com/mattermost/mattermost-server/v6
39
intelliants/subrion
39
directus
38
com.thoughtworks.xstream:xstream
37
com.jfinal:jfinal
36
net.mingsoft:ms-mcms
36
snipe/snipe-it
36
moin
35
zendframework/zendframework1
34
io.undertow:undertow-core
34
org.jenkins-ci.plugins:script-security
34
github.com/answerdev/answer
34
parse-server
33
gogs.io/gogs
33
keystone
32
github.com/argoproj/argo-cd
31
github.com/docker/docker
31
github.com/cilium/cilium
31
github.com/hashicorp/nomad
31
opencv-python
31
opencv-contrib-python
31
Pillow
31
github.com/argoproj/argo-cd/v2
31
shopware/shopware
30
getgrav/grav
30
rack
29
github.com/hashicorp/consul
29
github.com/mattermost/mattermost-server
29
org.apache.solr:solr-core
28
electron
28
mediawiki/core
28
centreon/centreon
27
org.opencms:opencms-core
27
pillow
26
next
26
openssl-src
26
org.springframework.security:spring-security-core
26
prestashop/prestashop
26
contao/core-bundle
25
org.eclipse.jetty:jetty-server
25
open-webui
25
rubygems-update
25
org.keycloak:keycloak-parent
24
pocketmine/pocketmine-mp
24
github.com/traefik/traefik/v2
24
surrealdb
24
getkirby/cms
24
magento/core
24
vllm
23
phpoffice/phpexcel
23
grumpydictator/firefly-iii
23
laravel/framework
23
zendframework/zendframework
23
simplesamlphp/simplesamlphp
23
remdex/livehelperchat
23
puppet
23
Microsoft.AspNetCore.App.Runtime.win-x86
22
org.bouncycastle:bcprov-jdk14
22
DotNetNuke.Core
22
tribalsystems/zenario
22
org.apache.openmeetings:openmeetings-parent
22
ckb
22
Microsoft.AspNetCore.App.Runtime.win-x64
22
@openzeppelin/contracts-upgradeable
22
phpoffice/phpspreadsheet
21
Microsoft.AspNetCore.App.Runtime.win-arm
21
@openzeppelin/contracts
21
activerecord
21
github.com/goharbor/harbor
21
org.apache.nifi:nifi
21
github.com/ethereum/go-ethereum
21
glance
21
org.apache.tomcat:tomcat-catalina
21
code.gitea.io/gitea
20
langchain
20
pyload-ng
20
org.cloudfoundry.identity:cloudfoundry-identity-server
20
golang.org/x/net
20
funadmin/funadmin
20
aim
20
cockpit-hq/cockpit
20
wasmtime
20
org.xwiki.platform:xwiki-platform-web-templates
19
Microsoft.AspNetCore.App.Runtime.linux-arm
19
Microsoft.AspNetCore.App.Runtime.osx-x64
19
neutron
19
github.com/zitadel/zitadel
19
helm.sh/helm/v3
19
Microsoft.AspNetCore.App.Runtime.linux-x64
19
Microsoft.AspNetCore.App.Runtime.linux-musl-x64
19
Microsoft.AspNetCore.App.Runtime.win-arm64
19
deno
19
Microsoft.AspNetCore.App.Runtime.linux-arm64
19
org.apache.tomcat:tomcat-coyote
19
com.vaadin:vaadin-bom
18
cobbler
18
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
18
contao/contao
18
mindsdb
18
mercurial
18
org.apache.jspwiki:jspwiki-main
18
forkcms/forkcms
18
topthink/framework
18
genix/cms
18
cakephp/cakephp
17
opencart/opencart
17
symfony/security
17
typo3/cms-backend
17
francoisjacquet/rosariosis
17
org.apache.inlong:manager-pojo
17
openmage/magento-lts
17
calibreweb
17
yetiforce/yetiforce-crm
17
cryptography
17
OctoPrint
17
notebook
17
org.springframework:spring-core
17
org.apache.geode:geode-core
17
ezsystems/ezpublish-kernel
17
org.apache.dubbo:dubbo
16
sequelize
16
lollms
16
Microsoft.NetCore.App.Runtime.win-x86
16
Microsoft.NetCore.App.Runtime.win-x64
16
Microsoft.NetCore.App.Runtime.win-arm64
16
Microsoft.NetCore.App.Runtime.win-arm
16
ethyca-fides
16
paddlepaddle
16
PaddlePaddle
16
github.com/traefik/traefik/v3
16
rusqlite
16
phpbb/phpbb
16
org.bouncycastle:bcprov-jdk15
16
github.com/openfga/openfga
16
tinymce
16
org.apache.activemq:activemq-client
16
october/system
16
org.apache.ranger:ranger
16