Browse Security Advisories
Security Advisories for https://github.com/symfony/symfony Clear Filters
High
about 1 year ago
Symfony has an Authentication Bypass via RememberMe
packagist
symfony/security-http
High
about 1 year ago
Symfony vulnerable to command execution hijack on Windows with Process class
packagist
symfony/symfony, symfony/process
Low
about 1 year ago
Symfony vulnerable to open redirect via browser-sanitized URLs
packagist
symfony/http-foundation
Low
about 1 year ago
Symfony has an incorrect response from Validator when input ends with `\n`
packagist
symfony/validator, symfony/symfony
Low
about 1 year ago
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
packagist
symfony/symfony, symfony/http-client
Low
about 1 year ago
Symfony's `Security::login` does not take into account custom `user_checker`
packagist
symfony/symfony, symfony/security-bundle
Moderate
about 1 year ago
Symfony allows changing the environment through a query
packagist
symfony/symfony, symfony/runtime
High
over 1 year ago
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
packagist
symfony/web-profiler-bundle, symfony/symfony
Critical
over 1 year ago
Symfony XML decoding attack vector through external entities
packagist
symfony/symfony
Moderate
over 1 year ago
Symfony may allow a user to switch to using another user's identity
packagist
symfony/symfony
High
over 1 year ago
Symfony allows direct access of ESI URLs behind a trusted proxy
packagist
symfony/symfony, symfony/http-kernel
Moderate
over 1 year ago
Symfony has unsafe methods in the Request class
packagist
symfony/symfony, symfony/http-foundation
Moderate
over 1 year ago
Symfony has a security issue when parsing the Authorization header
packagist
symfony/symfony, symfony/http-foundation
High
over 1 year ago
Symfony vulnerable to denial of service via a malicious HTTP Host header
packagist
symfony/symfony, symfony/http-foundation
High
over 1 year ago
Code injection in the way Symfony implements translation caching in FrameworkBundle
packagist
symfony/symfony, symfony/framework-bundle
Moderate
about 2 years ago
Symfony potential Cross-site Scripting in WebhookController
packagist
symfony/symfony, symfony/webhook
Moderate
about 2 years ago
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
packagist
symfony/symfony, symfony/twig-bridge
Moderate
about 2 years ago
Symfony possible session fixation vulnerability
packagist
symfony/symfony, symfony/security-http
Moderate
almost 3 years ago
Symfony storing cookie headers in HttpCache
packagist
symfony/symfony, symfony/http-kernel
Moderate
almost 3 years ago
Symfony vulnerable to Session Fixation of CSRF tokens
packagist
symfony/symfony, symfony/security-bundle
Critical
over 3 years ago
Symfony Incorrect Access Control
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
over 3 years ago
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
packagist
symfony/symfony, symfony/security, symfony/routing, symfony/http-foundation
Moderate
over 3 years ago
Symfony Denial of Service Via Long Password Hashing
packagist
symfony/security, symfony/polyfill, symfony/symfony
High
over 3 years ago
Symphony Denial of Service Via Overlong Usernames
packagist
symfony/symfony, symfony/security, symfony/security-http
High
over 3 years ago
Symfony Cryptographic Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
over 3 years ago
Symfony Vulnerable to PHP Eval Injection
packagist
symfony/http-kernel, symfony/symfony
High
over 3 years ago
Symfony Vulnerable to Timing Attack
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/form
High
over 3 years ago
Symphony Vulnerable to PHP Code Injection via YAML Parsing
packagist
symfony/yaml, symfony/symfony
Critical
over 3 years ago
Symfony Authentication Bypass
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
over 3 years ago
Symfony SSRF Vulnerability via Form Component
packagist
symfony/symfony, symfony/form
Moderate
over 3 years ago
Symfony Open Redirect
packagist
symfony/symfony, symfony/security, symfony/security-http
Moderate
over 3 years ago
Symfony CSRF Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-csrf
Moderate
over 3 years ago
Symfony HTTP Foundation web cache poisoning
packagist
symfony/http-foundation
High
over 3 years ago
Symfony Http-Kernel has non-constant time comparison in UriSigner
packagist
symfony/symfony, symfony/http-kernel
Moderate
almost 4 years ago
Cookie persistence after password changes in symfony/security-bundle
packagist
symfony/security-bundle
Moderate
over 4 years ago
Authentication granted to all firewalls instead of just one
packagist
symfony/symfony, symfony/security-http
Moderate
over 4 years ago
Prevent user enumeration using Guard or the new Authenticator-based Security
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
High
over 5 years ago
Firewall configured with unanimous strategy was not actually unanimous in Symfony
packagist
symfony/security-http, symfony/security
Moderate
over 5 years ago
Exceptions displayed in non-debug configurations in Symfony
packagist
symfony/symfony, symfony/error-handler
Low
over 5 years ago
Prevent cache poisoning via a Response Content-Type header in Symfony
packagist
symfony/http-foundation
High
almost 6 years ago
Improper authentication in Symfony
packagist
symfony/symfony, symfony/security, symfony/security-http
High
almost 6 years ago
Deserialization of untrusted data in Symfony
packagist
symfony/symfony, symfony/phpunit-bridge, symfony/cache
Critical
almost 6 years ago
Improper Input Validation in Symfony
packagist
symfony/var-exporter, symfony/symfony
Critical
almost 6 years ago
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
packagist
symfony/symfony, symfony/http-foundation
Moderate
almost 6 years ago
User enumeration leak using switch user functionality in Symfony
packagist
symfony/symfony, symfony/security-http
High
almost 6 years ago
Argument injection in a MimeTypeGuesser in Symfony
packagist
symfony/symfony, symfony/mime, symfony/http-foundation
Critical
almost 6 years ago
Symfony Unsafe Cache Serialization Could Enable RCE
packagist
symfony/symfony, symfony/cache
Critical
about 6 years ago
Symfony Service IDs Allow Injection
packagist
symfony/symfony, symfony/proxy-manager-bridge, symfony/dependency-injection
Moderate
about 6 years ago
Symfony Cross-site Scripting (XSS) vulnerability
packagist
drupal/core, symfony/symfony, symfony/framework-bundle
Filter by Severity
Filter by Ecosystem
maven
6,909
packagist
5,462
pypi
4,927
npm
4,427
go
3,004
nuget
1,622
cargo
1,120
rubygems
905
hex
40
actions
39
swift
34
pub
10
Filter by Package
tensorflow
433
moodle/moodle
425
tensorflow-cpu
410
tensorflow-gpu
400
magento/community-edition
361
Microsoft.ChakraCore
247
org.jenkins-ci.main:jenkins-core
242
typo3/cms
169
com.liferay.portal:release.portal.bom
151
github.com/mattermost/mattermost/server/v8
142
org.apache.tomcat:tomcat
140
com.liferay.portal:release.dxp.bom
122
pimcore/pimcore
120
magento/project-community-edition
118
dolibarr/dolibarr
117
phpmyadmin/phpmyadmin
107
typo3/cms-core
107
microweber/microweber
103
drupal/core
103
silverstripe/framework
90
librenms/librenms
89
apache-airflow
89
Django
89
github.com/mattermost/mattermost-server
77
thorsten/phpmyfaq
75
drupal/drupal
72
com.fasterxml.jackson.core:jackson-databind
69
github.com/usememos/memos
69
concrete5/concrete5
67
salt
65
ansible
64
shopware/platform
63
symfony/symfony
62
apache-superset
61
actionpack
58
github.com/grafana/grafana
57
org.apache.struts:struts2-core
56
mlflow
55
Plone
54
craftcms/cms
53
shopware/core
52
github.com/hashicorp/vault
51
github.com/rancher/rancher
50
org.keycloak:keycloak-core
50
mautic/core
48
nova
48
django
48
baserproject/basercms
47
nokogiri
45
mantisbt/mantisbt
45
org.keycloak:keycloak-services
45
vyper
44
gradio
44
directus
43
org.elasticsearch:elasticsearch
43
matrix-synapse
43
org.xwiki.platform:xwiki-platform-oldcore
43
rdiffweb
42
nilsteampassnet/teampass
42
plone
41
showdoc/showdoc
41
k8s.io/kubernetes
41
froxlor/froxlor
40
org.apache.tomcat.embed:tomcat-embed-core
40
intelliants/subrion
40
snipe/snipe-it
39
picklescan
39
github.com/mattermost/mattermost-server/v6
38
net.mingsoft:ms-mcms
38
com.thoughtworks.xstream:xstream
37
github.com/argoproj/argo-cd/v2
36
com.jfinal:jfinal
36
io.undertow:undertow-core
35
rack
35
moin
35
parse-server
35
github.com/answerdev/answer
34
org.jenkins-ci.plugins:script-security
33
flowise
33
gogs.io/gogs
32
zendframework/zendframework1
32
keystone
32
opencv-python
31
vllm
31
opencv-contrib-python
31
shopware/shopware
31
github.com/cilium/cilium
31
github.com/hashicorp/consul
31
github.com/hashicorp/nomad
31
github.com/argoproj/argo-cd
30
getgrav/grav
30
contao/core-bundle
29
github.com/docker/docker
29
next
29
electron
28
DotNetNuke.Core
28
pillow
28
Pillow
28
mediawiki/core
28
org.springframework.security:spring-security-core
27
prestashop/prestashop
27
org.apache.solr:solr-core
27
open-webui
27
org.opencms:opencms-core
27
centreon/centreon
27
org.eclipse.jetty:jetty-server
25
github.com/traefik/traefik/v2
25
getkirby/cms
25
rubygems-update
25
org.apache.tomcat:tomcat-catalina
25
pocketmine/pocketmine-mp
25
openssl-src
25
pyload-ng
24
surrealdb
24
org.keycloak:keycloak-parent
24
magento/core
24
simplesamlphp/simplesamlphp
23
laravel/framework
23
grumpydictator/firefly-iii
23
puppet
23
remdex/livehelperchat
23
zendframework/zendframework
22
wasmtime
22
tribalsystems/zenario
22
deno
22
phpoffice/phpspreadsheet
22
ckb
22
activerecord
22
org.apache.openmeetings:openmeetings-parent
22
glance
21
github.com/zitadel/zitadel
21
org.bouncycastle:bcprov-jdk14
21
org.apache.nifi:nifi
21
github.com/goharbor/harbor
21
github.com/ethereum/go-ethereum
21
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
21
org.cloudfoundry.identity:cloudfoundry-identity-server
20
cockpit-hq/cockpit
20
funadmin/funadmin
20
ethyca-fides
20
typo3/cms-backend
20
aim
20
org.xwiki.platform:xwiki-platform-web-templates
20
code.gitea.io/gitea
20
helm.sh/helm/v3
20
Microsoft.AspNetCore.App.Runtime.win-x64
19
contao/contao
19
transformers
19
neutron
19
topthink/framework
19
langchain
19
cobbler
18
com.liferay.portal:com.liferay.portal.impl
18
mercurial
18
openmage/magento-lts
18
Microsoft.AspNetCore.App.Runtime.linux-arm64
18
genix/cms
18
github.com/openfga/openfga
18
Microsoft.AspNetCore.App.Runtime.linux-arm
18
golang.org/x/net
18
com.vaadin:vaadin-bom
18
forkcms/forkcms
18
Microsoft.AspNetCore.App.Runtime.win-arm
18
org.apache.jspwiki:jspwiki-main
18
Microsoft.AspNetCore.App.Runtime.win-x86
18
Microsoft.AspNetCore.App.Runtime.win-arm64
18
mindsdb
18
org.springframework:spring-core
18
cakephp/cakephp
17
github.com/traefik/traefik/v3
17
opencart/opencart
17
OctoPrint
17
Microsoft.AspNetCore.App.Runtime.linux-musl-x64
17
yetiforce/yetiforce-crm
17
org.apache.inlong:manager-pojo
17
ezsystems/ezpublish-kernel
17
org.apache.geode:geode-core
17
github.com/containerd/containerd
17
cryptography
17
notebook
17
francoisjacquet/rosariosis
17
calibreweb
17
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
17
Microsoft.AspNetCore.App.Runtime.linux-x64
17
pgadmin4
16
lollms
16
org.apache.ranger:ranger
16
paddlepaddle
16
phpbb/phpbb
16
PaddlePaddle
16
rusqlite
16
sequelize
16
vite
16
org.apache.dubbo:dubbo
16
tinymce
16
ghost
16
github.com/opencontainers/runc
16
org.apache.activemq:activemq-client
16
Microsoft.AspNetCore.App.Runtime.osx-x64
16
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/moodle/moodle
250
https://github.com/xwiki/xwiki-platform
222
https://github.com/chakra-core/ChakraCore
214
https://github.com/jenkinsci/jenkins
178
https://github.com/liferay/liferay-portal
170
https://github.com/django/django
121
https://github.com/apache/tomcat
118
https://github.com/pimcore/pimcore
116
https://github.com/apache/airflow
105
https://github.com/TYPO3/typo3
94
https://github.com/keycloak/keycloak
90
https://github.com/microweber/microweber
90
https://github.com/librenms/librenms
77
https://github.com/FasterXML/jackson-databind
70
https://github.com/rails/rails
70
https://github.com/thorsten/phpmyfaq
69
https://github.com/usememos/memos
68
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/kubernetes/kubernetes
66
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/mattermost/mattermost
59
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/spring-projects/spring-framework
51
https://github.com/argoproj/argo-cd
50
https://github.com/grafana/grafana
47
https://github.com/apache/struts
47
https://github.com/rancher/rancher
46
https://github.com/mautic/mautic
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/vyperlang/vyper
44
https://github.com/concretecms/concretecms
44
https://github.com/shopware/platform
43
https://github.com/ikus060/rdiffweb
42
https://github.com/mantisbt/mantisbt
42
https://github.com/saltstack/salt
42
https://github.com/craftcms/cms
41
https://github.com/directus/directus
41
https://github.com/shopware/shopware
40
https://github.com/star7th/showdoc
39
https://github.com/gradio-app/gradio
39
https://github.com/mmaitre314/picklescan
39
https://github.com/dotnet/runtime
38
https://github.com/openstack/nova
38
https://github.com/magento/magento2
38
https://github.com/x-stream/xstream
37
https://github.com/plone/Products.CMFPlone
37
https://github.com/octobercms/october
36
https://github.com/mlflow/mlflow
36
https://github.com/umbraco/Umbraco-CMS
35
https://github.com/sparklemotion/nokogiri
35
https://github.com/parse-community/parse-server
34
https://github.com/apache/activemq
34
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
32
https://github.com/matrix-org/synapse
32
https://github.com/opencv/opencv
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/cilium/cilium
31
https://github.com/apache/inlong
31
https://github.com/snipe/snipe-it
30
https://github.com/contao/contao
30
https://github.com/rack/rack
29
https://github.com/strapi/strapi
29
https://github.com/FlowiseAI/Flowise
28
https://github.com/gogs/gogs
28
https://github.com/openstack/keystone
28
https://github.com/electron/electron
28
https://github.com/CVEProject/cvelist
28
https://github.com/netty/netty
27
https://github.com/baserproject/basercms
26
https://github.com/froxlor/froxlor
26
https://github.com/zitadel/zitadel
26
https://github.com/apache/nifi
26
https://github.com/geoserver/geoserver
26
https://github.com/github/advisory-database
26
https://github.com/bcgit/bc-java
25
https://github.com/pmmp/PocketMine-MP
25
https://github.com/traefik/traefik
25
https://github.com/surrealdb/surrealdb
25
https://github.com/vercel/next.js
25
https://github.com/denoland/deno
25
https://github.com/langchain-ai/langchain
25
https://github.com/vllm-project/vllm
25
https://github.com/hashicorp/consul
24
https://github.com/run-llama/llama_index
24
https://github.com/getgrav/grav
24
https://github.com/pyload/pyload
24
https://github.com/apache/cxf
24
https://github.com/bytecodealliance/wasmtime
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/dnnsoftware/Dnn.Platform
23
https://github.com/eclipse/jetty.project
23
https://github.com/livehelperchat/livehelperchat
23
https://github.com/PrestaShop/PrestaShop
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/moby/moby
23
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/helm/helm
22
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/jenkinsci/script-security-plugin
22
https://github.com/nervosnetwork/ckb
22
https://github.com/getkirby/kirby
22
https://github.com/laravel/framework
21
https://github.com/goharbor/harbor
21
https://github.com/OpenZeppelin/openzeppelin-contracts
21
https://github.com/undertow-io/undertow
21
https://github.com/hashicorp/vault
21
https://github.com/ethyca/fides
20
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/funadmin/funadmin
20
https://github.com/simplesamlphp/simplesamlphp
20
https://github.com/OpenNMS/opennms
20
https://github.com/opencast/opencast
20
https://github.com/backstage/backstage
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/huggingface/transformers
19
https://github.com/alkacon/opencms-core
19
https://github.com/TYPO3-CMS/core
19
https://github.com/intelliants/subrion
19
https://github.com/containerd/containerd
19
https://github.com/cloudfoundry/uaa
19
https://github.com/apache/camel
18
https://github.com/rubygems/rubygems
18
https://github.com/vaadin/platform
18
https://github.com/OpenMage/magento-lts
18
https://github.com/opencontainers/runc
18
https://github.com/ethereum/go-ethereum
17
https://github.com/mindsdb/mindsdb
17
https://github.com/liufee/cms
17
https://github.com/vantage6/vantage6
17
https://github.com/apache/kylin
17
https://github.com/openfga/openfga
17
https://github.com/etcd-io/etcd
16
https://github.com/tinymce/tinymce
16
https://github.com/pyca/cryptography
16
https://github.com/dotnet/aspnetcore
16
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/sequelize/sequelize
16
https://github.com/hashicorp/nomad
16
https://github.com/quarkusio/quarkus
16
https://github.com/rusqlite/rusqlite
16
https://github.com/forkcms/forkcms
16
https://github.com/vitejs/vite
16
https://github.com/zendframework/zendframework
15
https://github.com/containers/podman
15
https://github.com/dompdf/dompdf
15
https://github.com/decidim/decidim
15
https://github.com/puppetlabs/puppet
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/spring-projects/spring-security
15
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/PHPMailer/PHPMailer
15
https://github.com/OPCFoundation/UA-.NETStandard
15
https://github.com/xuxueli/xxl-job
15
https://github.com/drupal/core
15
https://github.com/aio-libs/aiohttp
15
https://github.com/nodejs/undici
15
https://github.com/cobbler/cobbler
15
https://github.com/ckeditor/ckeditor4
15
https://github.com/centreon/centreon
15
https://github.com/cockpit-hq/cockpit
14
https://github.com/twisted/twisted
14
https://github.com/ming-soft/MCMS
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/ImageMagick/ImageMagick
14
https://github.com/publify/publify
14
https://github.com/janeczku/calibre-web
14
https://github.com/apache/superset
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/golang/go
14
https://github.com/Graylog2/graylog2-server
14
https://github.com/TryGhost/Ghost
14
https://github.com/urllib3/urllib3
14
https://github.com/cosmos/cosmos-sdk
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/apache/zeppelin
14
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/openbao/openbao
13
https://github.com/laurent22/joplin
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/OpenRefine/OpenRefine
13
https://github.com/zenml-io/zenml
13
https://github.com/1Panel-dev/1Panel
13
https://github.com/swagger-api/swagger-ui
13
https://github.com/h2oai/h2o-3
13
https://github.com/modoboa/modoboa
13
https://github.com/dromara/hutool
13
https://github.com/apache/dolphinscheduler
13
https://sourceforge.net/projects/phpmyadmin.sourceforge.net
12
https://github.com/smarty-php/smarty
12
https://github.com/DSpace/DSpace
12
https://github.com/getsentry/sentry
12
https://github.com/nats-io/nats-server
12
https://github.com/n8n-io/n8n
12
https://github.com/wagtail/wagtail
12
https://github.com/igniterealtime/Openfire
12