
Security Advisories for symfony/symfony in packagist
High
11 months ago
Symfony vulnerable to command execution hijack on Windows with Process class
packagist
symfony/symfony, symfony/process
Low
11 months ago
Symfony has an incorrect response from Validator when input ends with `\n`
packagist
symfony/validator, symfony/symfony
Low
11 months ago
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
packagist
symfony/symfony, symfony/http-client
Moderate
11 months ago
Symfony allows changing the environment through a query
packagist
symfony/symfony, symfony/runtime
High
over 1 year ago
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
packagist
symfony/web-profiler-bundle, symfony/symfony
Critical
over 1 year ago
Symfony XML decoding attack vector through external entities
packagist
symfony/symfony
Moderate
over 1 year ago
Symfony may allow a user to switch to using another user's identity
packagist
symfony/symfony
High
over 1 year ago
Symfony allows direct access of ESI URLs behind a trusted proxy
packagist
symfony/symfony, symfony/http-kernel
Moderate
over 1 year ago
Symfony has unsafe methods in the Request class
packagist
symfony/symfony, symfony/http-foundation
Moderate
over 1 year ago
Symfony has a security issue when parsing the Authorization header
packagist
symfony/symfony, symfony/http-foundation
High
over 1 year ago
Symfony vulnerable to denial of service via a malicious HTTP Host header
packagist
symfony/symfony, symfony/http-foundation
Moderate
over 1 year ago
Symfony2 security issue when the trust proxy mode is enabled
packagist
symfony/symfony, symfony/http-foundation
Moderate
almost 2 years ago
Symfony potential Cross-site Scripting in WebhookController
packagist
symfony/symfony, symfony/webhook
Moderate
almost 2 years ago
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
packagist
symfony/symfony, symfony/twig-bridge
Moderate
over 2 years ago
Symfony storing cookie headers in HttpCache
packagist
symfony/symfony, symfony/http-kernel
Critical
over 3 years ago
Symfony Incorrect Access Control
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
over 3 years ago
Symfony Denial of Service Via Long Password Hashing
packagist
symfony/security, symfony/polyfill, symfony/symfony
High
over 3 years ago
Symfony Denial of Service Via Overlong Usernames
packagist
symfony/symfony, symfony/security, symfony/security-http
High
over 3 years ago
Symfony Cryptographic Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
over 3 years ago
Symfony Vulnerable to PHP Eval Injection
packagist
symfony/http-kernel, symfony/symfony
High
over 3 years ago
Symfony Vulnerable to Timing Attack
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/form
Moderate
over 3 years ago
Symfony Incorrect Access Control
packagist
symfony/http-kernel, symfony/symfony
High
over 3 years ago
Symfony Vulnerable to PHP Code Injection via YAML Parsing
packagist
symfony/yaml, symfony/symfony
Critical
over 3 years ago
Symfony Authentication Bypass
packagist
symfony/symfony, symfony/security, symfony/security-core
Critical
over 3 years ago
Symfony Authentication Bypass
packagist
symfony/symfony, symfony/security, symfony/security-core
High
over 3 years ago
Symfony Session Fixation Vulnerability
packagist
symfony/security, symfony/security-http, symfony/symfony
High
over 3 years ago
Symfony CSRF Token Fixation
packagist
symfony/security, symfony/security-http, symfony/security-bundle, symfony/symfony
Moderate
over 3 years ago
Symfony Open Redirect
packagist
symfony/symfony, symfony/security, symfony/security-http
Moderate
over 3 years ago
Symfony CSRF Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-csrf
High
over 3 years ago
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
packagist
symfony/symfony
High
over 3 years ago
Symfony Http-Kernel has non-constant time comparison in UriSigner
packagist
symfony/symfony, symfony/http-kernel
Moderate
almost 4 years ago
Cookie persistence after password changes in symfony/security-bundle
packagist
symfony/symfony
Moderate
over 4 years ago
Authentication granted to all firewalls instead of just one
packagist
symfony/symfony, symfony/security-http
Moderate
over 4 years ago
Prevent user enumeration using Guard or the new Authenticator-based Security
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
High
over 5 years ago
Firewall configured with unanimous strategy was not actually unanimous in Symfony
packagist
symfony/symfony
Moderate
over 5 years ago
Exceptions displayed in non-debug configurations in Symfony
packagist
symfony/symfony, symfony/error-handler
Low
over 5 years ago
Prevent cache poisoning via a Response Content-Type header in Symfony
packagist
symfony/symfony
High
over 5 years ago
Improper authentication in Symfony
packagist
symfony/symfony, symfony/security, symfony/security-http
Critical
over 5 years ago
Improper Input Validation in Symfony
packagist
symfony/var-exporter, symfony/symfony
Critical
almost 6 years ago
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
packagist
symfony/symfony, symfony/http-foundation
Moderate
almost 6 years ago
User enumeration leak using switch user functionality in Symfony
packagist
symfony/symfony, symfony/security-http
High
almost 6 years ago
Argument injection in a MimeTypeGuesser in Symfony
packagist
symfony/symfony, symfony/mime, symfony/http-foundation
Critical
almost 6 years ago
Symfony Unsafe Cache Serialization Could Enable RCE
packagist
symfony/symfony, symfony/cache
Critical
almost 6 years ago
Symfony Service IDs Allow Injection
packagist
symfony/symfony, symfony/proxy-manager-bridge, symfony/dependency-injection