Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist

symfony/symfony

packagist · The Symfony PHP framework · Repository · Package

Security Advisories for symfony/symfony in packagist

High
11 months ago

Symfony vulnerable to command execution hijack on Windows with Process class GSA_kwCzR0hTQS1xcTVjLTY3N3AtNzM3cc4ABBBg

packagist symfony/symfony, symfony/process
Low
11 months ago

Symfony has an incorrect response from Validator when input ends with `\n` GSA_kwCzR0hTQS1nM3JoLXJyaHAtamhoOc4ABBBe

packagist symfony/validator, symfony/symfony
Low
11 months ago

Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient GSA_kwCzR0hTQS05YzN4LXIzd3AtbWd4bc4ABBBd

packagist symfony/symfony, symfony/http-client
Low
11 months ago

Symfony's `Security::login` does not take into account custom `user_checker` GSA_kwCzR0hTQS1qeGdyLTN2N3EtM3c5ds4ABBBc

packagist symfony/symfony, symfony/security-bundle
Moderate
11 months ago

Symfony allows changing the environment through a query GSA_kwCzR0hTQS14OHZwLWdmNHEtbXc1as4ABBBb

packagist symfony/symfony, symfony/runtime
High
over 1 year ago

Symfony Cross-Site Request Forgery vulnerability in the Web Profiler GSA_kwCzR0hTQS12MzVnLTRycnctaDRmd84AA8jj

packagist symfony/web-profiler-bundle, symfony/symfony
Moderate
over 1 year ago

Symfony2 improper IP based access control GSA_kwCzR0hTQS1oeDUzLWpjaHgtY3I1Ms4AA8ji

packagist symfony/symfony
High
over 1 year ago

Symfony XML Entity Expansion security vulnerability GSA_kwCzR0hTQS1xMmdjLWdnM3gtNzk0Ms4AA8jh

packagist symfony/symfony
Critical
over 1 year ago

Symfony XML decoding attack vector through external entities GSA_kwCzR0hTQS1tbWN2LWZ2cTgtcjl4M84AA8jg

packagist symfony/symfony
Moderate
over 1 year ago

Symfony may allow a user to switch to using another user's identity GSA_kwCzR0hTQS03bXgyLTdxOHAtcGdtd84AA8jf

packagist symfony/symfony
High
over 1 year ago

Symfony allows direct access of ESI URLs behind a trusted proxy GSA_kwCzR0hTQS13dmp2LXA1cnItbW1xbc4AA8jc

packagist symfony/symfony, symfony/http-kernel
Moderate
over 1 year ago

Symfony has unsafe methods in the Request class GSA_kwCzR0hTQS1wNjg0LWY3ZmgtanYyas4AA8jb

packagist symfony/symfony, symfony/http-foundation
Moderate
over 1 year ago

Symfony has a security issue when parsing the Authorization header GSA_kwCzR0hTQS1oN3YyLTJxd2ctaDgyOc4AA8ja

packagist symfony/symfony, symfony/http-foundation
High
over 1 year ago

Symfony vulnerable to denial of service via a malicious HTTP Host header GSA_kwCzR0hTQS12Nzd2LXg2MzQtOW01Ns4AA8jZ

packagist symfony/symfony, symfony/http-foundation
Moderate
over 1 year ago

Symfony2 security issue when the trust proxy mode is enabled GSA_kwCzR0hTQS12Zm02LXIyZ2MtcHd3d84AA8jY

packagist symfony/symfony, symfony/http-foundation
High
over 1 year ago

Code injection in the way Symfony implements translation caching in FrameworkBundle GSA_kwCzR0hTQS13ZnY3LTV4MzMtdjIyaM4AA8jX

packagist symfony/symfony, symfony/framework-bundle
Moderate
almost 2 years ago

Symfony potential Cross-site Scripting in WebhookController GSA_kwCzR0hTQS03MngyLTVjODUtNndtcs4AA3Cz

packagist symfony/symfony, symfony/webhook
Moderate
almost 2 years ago

Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters GSA_kwCzR0hTQS1xODQ3LTJxNTctd21yM84AA3Cy

packagist symfony/symfony, symfony/twig-bridge
Moderate
almost 2 years ago

Symfony possible session fixation vulnerability GSA_kwCzR0hTQS1tMndqLXI2ZzMtZnhmeM4AA3Cx

packagist symfony/symfony, symfony/security-http
Moderate
over 2 years ago

Symfony storing cookie headers in HttpCache GSA_kwCzR0hTQS1oN3ZmLTV3cnYtOWZods4AAxVO

packagist symfony/symfony, symfony/http-kernel
Moderate
over 2 years ago

Symfony vulnerable to Session Fixation of CSRF tokens GSA_kwCzR0hTQS0zZ3YyLTI5cWMtdjY3bc4AAxVN

packagist symfony/symfony, symfony/security-bundle
Critical
over 3 years ago

Symfony Incorrect Access Control GSA_kwCzR0hTQS1xODd2LXE4ZnctZ21qNc4AAgyh

packagist symfony/symfony, symfony/security, symfony/security-core
Moderate
over 3 years ago

Symfony Access Control Vulnerability GSA_kwCzR0hTQS04OWNwLWZ2Y2MtaHhoN84AAfYj

packagist symfony/symfony
Moderate
over 3 years ago

Symfony Allows URI Restrictions Bypass Via Double-Encoded String GSA_kwCzR0hTQS04M2MzLXF4MjctMnJ3cs4AAfXs

packagist symfony/symfony, symfony/security, symfony/routing, symfony/http-foundation
Moderate
over 3 years ago

Symfony Denial of Service Via Long Password Hashing GSA_kwCzR0hTQS1jcjQ5LWZ4MnYtOXA1N84AAd7g

packagist symfony/security, symfony/polyfill, symfony/symfony
High
over 3 years ago

Symfony Cryptographic Vulnerability GSA_kwCzR0hTQS1qang1LWZxNWctOHhwY84AAdU8

packagist symfony/symfony, symfony/security, symfony/security-core
High
over 3 years ago

Symphony Denial of Service Via Overlong Usernames GSA_kwCzR0hTQS13aGd2LThjZzMtN2hjbc4AAdU9

packagist symfony/symfony, symfony/security, symfony/security-http
Moderate
over 3 years ago

Symfony Vulnerable to PHP Eval Injection GSA_kwCzR0hTQS01YzU4LXc5eGMtcWNqOc4AAc0N

packagist symfony/http-kernel, symfony/symfony
High
over 3 years ago

Symfony Vulnerable to Timing Attack GSA_kwCzR0hTQS1nOTdjLWpmeDYteHZ4aM4AAcl9

packagist symfony/symfony, symfony/security, symfony/security-http, symfony/form
Moderate
over 3 years ago

Symfony Incorrect Access Control GSA_kwCzR0hTQS1xbXF3LW1wcXAtbXI1NM4AAcRE

packagist symfony/http-kernel, symfony/symfony
High
over 3 years ago

Symphony Vulnerable to PHP Code Injection via YAML Parsing GSA_kwCzR0hTQS0ycjVoLTZyN3YtNW03Y84AAZ6g

packagist symfony/yaml, symfony/symfony
High
over 3 years ago

Symfony Arbitrary PHP code Execution GSA_kwCzR0hTQS03dzUzLWhmcHctcmczZ84AAZ60

packagist symfony/yaml, symfony/symfony
Critical
over 3 years ago

Symfony Authentication Bypass GSA_kwCzR0hTQS0zNWM1LTI4cGctMnFnNM4AAWke

packagist symfony/symfony, symfony/security, symfony/security-core
Critical
over 3 years ago

Symfony Authentication Bypass GSA_kwCzR0hTQS13dmo1LXI3OHItaGhmcc4AAWjw

packagist symfony/symfony, symfony/security, symfony/security-core
Low
over 3 years ago

Symfony Session Fixation Vulnerability GSA_kwCzR0hTQS1qNWpoLWhwcjQtaDMzMs4AAV_7

packagist symfony/symfony
Moderate
over 3 years ago

Symfony SSRF Vulnerability via Form Component GSA_kwCzR0hTQS1jcXFoLTk0cjYtd2pyZ84AAV2m

packagist symfony/symfony, symfony/form
High
over 3 years ago

Symfony Host Header Injection GSA_kwCzR0hTQS02NnA2LTdwMjktNTVwOc4AAVWh

packagist symfony/symfony
High
over 3 years ago

Symfony Session Fixation Vulnerability GSA_kwCzR0hTQS1nNHJnLXJ3NjUtOGhmZ84AAT6-

packagist symfony/symfony
Moderate
over 3 years ago

Symfony Open Redirect GSA_kwCzR0hTQS1yN3A3LXFyN3AtMnJyZs4AAT52

packagist symfony/symfony
High
over 3 years ago

Symfony Directory Traversal GSA_kwCzR0hTQS1jNDlyLThnajYtNzY4cs4AAT5H

packagist symfony/symfony, symfony/intl
Moderate
over 3 years ago

Symfony Open Redirect GSA_kwCzR0hTQS03aHdjLTJjcTQtNngyd84AAT5V

packagist symfony/symfony
Moderate
over 3 years ago

Symfony DoS GSA_kwCzR0hTQS1yMnJxLTNoNTYtZnFtNM4AATu7

packagist symfony/symfony
High
over 3 years ago

Symfony CSRF Token Fixation GSA_kwCzR0hTQS1nNGc3LXE3MjYtdjVoZ84AATux

packagist symfony/symfony
Moderate
over 3 years ago

Symfony Open Redirect GSA_kwCzR0hTQS04OXIyLTVnMzQtMmc0N84AATfR

packagist symfony/symfony, symfony/security, symfony/security-http
Moderate
over 3 years ago

Symfony Path Disclosure GSA_kwCzR0hTQS14M2NmLXc2NHgtNGNwMs4AATfM

packagist symfony/symfony
Moderate
over 3 years ago

Symfony CSRF Vulnerability GSA_kwCzR0hTQS05Mng2LWgyZ3ItOGd4cc4AASJF

packagist symfony/symfony, symfony/security, symfony/security-csrf
Moderate
over 3 years ago

Symfony Host Header Injection vulnerability in the HttpFoundation component GSA_kwCzR0hTQS0yMnB2LTd2OWotaHF4cM3grg

packagist symfony/symfony
High
over 3 years ago

Symfony Http-Kernel has non-constant time comparison in UriSigner GSA_kwCzR0hTQS1xOGhnLXBmOHYtY3hyds02BA

packagist symfony/symfony, symfony/http-kernel
Moderate
almost 4 years ago

CSV Injection in symfony/serializer GSA_kwCzR0hTQS0yeGhnLXcyZzUtdzk1eM0YGA

packagist symfony/symfony
Moderate
almost 4 years ago

Cookie persistence after password changes in symfony/security-bundle GSA_kwCzR0hTQS1xdzM2LXA5N3ctdmNxcs0YFw

packagist symfony/symfony
Moderate
almost 4 years ago

Webcache Poisoning in symfony/http-kernel GSA_kwCzR0hTQS1xM2ozLXczN3gtaHEycc0YFQ

packagist symfony/symfony
Moderate
over 4 years ago

Authentication granted to all firewalls instead of just one MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmY2YtbTY3bS1qY3Jx

packagist symfony/symfony, symfony/security-http
Moderate
over 4 years ago

Prevent user enumeration using Guard or the new Authenticator-based Security MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwdjgtcHB2ai00aDY4

packagist symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
High
about 5 years ago

RCE in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1NGgtNXIyNy03eDNy

packagist symfony/symfony, symfony/http-kernel
High
over 5 years ago

Firewall configured with unanimous strategy was not actually unanimous in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0bTktNWhwZi1oeDcy

packagist symfony/symfony
Moderate
over 5 years ago

Exceptions displayed in non-debug configurations in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04ODQtMjc5aC0zMnYy

packagist symfony/symfony, symfony/error-handler
Low
over 5 years ago

Prevent cache poisoning via a Response Content-Type header in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jeDQtZjVmNS00ODU5

packagist symfony/symfony
High
over 5 years ago

Improper authentication in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjaHgtbWZyYy1md3Fy

packagist symfony/symfony, symfony/security, symfony/security-http
Critical
over 5 years ago

Improper Input Validation in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cmMtcngyNS04bTg2

packagist symfony/var-exporter, symfony/symfony
Moderate
almost 6 years ago

User enumeration leak using switch user functionality in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cGMtNWp4NC1jZnFn

packagist symfony/symfony, symfony/security-http
High
almost 6 years ago

Argument injection in a MimeTypeGuesser in Symfony MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoaDYtOTU2cS00cTY5

packagist symfony/symfony, symfony/mime, symfony/http-foundation
Critical
almost 6 years ago

Symfony Unsafe Cache Serialization Could Enable RCE MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5Z3ItNThyMy1wd20z

packagist symfony/symfony, symfony/cache

Filter by Severity

Moderate 31 High 20 Critical 6 Low 5