
symfony/symfony
packagist · The Symfony PHP framework · Repository · Package
Security Advisories for symfony/symfony in packagist
High
11 months ago
Symfony vulnerable to command execution hijack on Windows with Process class
packagist
symfony/symfony, symfony/process
Low
11 months ago
Symfony has an incorrect response from Validator when input ends with `\n`
packagist
symfony/validator, symfony/symfony
Low
11 months ago
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
packagist
symfony/symfony, symfony/http-client
Low
11 months ago
Symfony's `Security::login` does not take into account custom `user_checker`
packagist
symfony/symfony, symfony/security-bundle
Moderate
11 months ago
Symfony allows changing the environment through a query
packagist
symfony/symfony, symfony/runtime
High
over 1 year ago
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
packagist
symfony/web-profiler-bundle, symfony/symfony
Critical
over 1 year ago
Symfony XML decoding attack vector through external entities
packagist
symfony/symfony
Moderate
over 1 year ago
Symfony may allow a user to switch to using another user's identity
packagist
symfony/symfony
High
over 1 year ago
Symfony allows direct access of ESI URLs behind a trusted proxy
packagist
symfony/symfony, symfony/http-kernel
Moderate
over 1 year ago
Symfony has unsafe methods in the Request class
packagist
symfony/symfony, symfony/http-foundation
Moderate
over 1 year ago
Symfony has a security issue when parsing the Authorization header
packagist
symfony/symfony, symfony/http-foundation
High
over 1 year ago
Symfony vulnerable to denial of service via a malicious HTTP Host header
packagist
symfony/symfony, symfony/http-foundation
Moderate
over 1 year ago
Symfony2 security issue when the trust proxy mode is enabled
packagist
symfony/symfony, symfony/http-foundation
High
over 1 year ago
Code injection in the way Symfony implements translation caching in FrameworkBundle
packagist
symfony/symfony, symfony/framework-bundle
Moderate
almost 2 years ago
Symfony potential Cross-site Scripting in WebhookController
packagist
symfony/symfony, symfony/webhook
Moderate
almost 2 years ago
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
packagist
symfony/symfony, symfony/twig-bridge
Moderate
almost 2 years ago
Symfony possible session fixation vulnerability
packagist
symfony/symfony, symfony/security-http
Moderate
over 2 years ago
Symfony storing cookie headers in HttpCache
packagist
symfony/symfony, symfony/http-kernel
Moderate
over 2 years ago
Symfony vulnerable to Session Fixation of CSRF tokens
packagist
symfony/symfony, symfony/security-bundle
Critical
over 3 years ago
Symfony Incorrect Access Control
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
over 3 years ago
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
packagist
symfony/symfony, symfony/security, symfony/routing, symfony/http-foundation
Moderate
over 3 years ago
Symfony Denial of Service Via Long Password Hashing
packagist
symfony/security, symfony/polyfill, symfony/symfony
High
over 3 years ago
Symfony Cryptographic Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-core
High
over 3 years ago
Symfony Denial of Service Via Overlong Usernames
packagist
symfony/symfony, symfony/security, symfony/security-http
Moderate
over 3 years ago
Symfony Vulnerable to PHP Eval Injection
packagist
symfony/http-kernel, symfony/symfony
High
over 3 years ago
Symfony Vulnerable to Timing Attack
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/form
Moderate
over 3 years ago
Symfony Incorrect Access Control
packagist
symfony/http-kernel, symfony/symfony
High
over 3 years ago
Symfony Vulnerable to PHP Code Injection via YAML Parsing
packagist
symfony/yaml, symfony/symfony
Critical
over 3 years ago
Symfony Authentication Bypass
packagist
symfony/symfony, symfony/security, symfony/security-core
Critical
over 3 years ago
Symfony Authentication Bypass
packagist
symfony/symfony, symfony/security, symfony/security-core
Moderate
over 3 years ago
Symfony SSRF Vulnerability via Form Component
packagist
symfony/symfony, symfony/form
Moderate
over 3 years ago
Symfony Open Redirect
packagist
symfony/symfony, symfony/security, symfony/security-http
Moderate
over 3 years ago
Symfony CSRF Vulnerability
packagist
symfony/symfony, symfony/security, symfony/security-csrf
Moderate
over 3 years ago
Symfony Host Header Injection vulnerability in the HttpFoundation component
packagist
symfony/symfony
High
over 3 years ago
Symfony Http-Kernel has non-constant time comparison in UriSigner
packagist
symfony/symfony, symfony/http-kernel
Moderate
almost 4 years ago
Cookie persistence after password changes in symfony/security-bundle
packagist
symfony/symfony
Moderate
over 4 years ago
Authentication granted to all firewalls instead of just one
packagist
symfony/symfony, symfony/security-http
Moderate
over 4 years ago
Prevent user enumeration using Guard or the new Authenticator-based Security
packagist
symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
High
over 5 years ago
Firewall configured with unanimous strategy was not actually unanimous in Symfony
packagist
symfony/symfony
Moderate
over 5 years ago
Exceptions displayed in non-debug configurations in Symfony
packagist
symfony/symfony, symfony/error-handler
Low
over 5 years ago
Prevent cache poisoning via a Response Content-Type header in Symfony
packagist
symfony/symfony
High
over 5 years ago
Improper authentication in Symfony
packagist
symfony/symfony, symfony/security, symfony/security-http
Critical
over 5 years ago
Improper Input Validation in Symfony
packagist
symfony/var-exporter, symfony/symfony
Moderate
almost 6 years ago
User enumeration leak using switch user functionality in Symfony
packagist
symfony/symfony, symfony/security-http
High
almost 6 years ago
Argument injection in a MimeTypeGuesser in Symfony
packagist
symfony/symfony, symfony/mime, symfony/http-foundation
Critical
almost 6 years ago
Symfony Unsafe Cache Serialization Could Enable RCE
packagist
symfony/symfony, symfony/cache