symfony — Vulnerabilities & Security Advisories (24)

All 24 CVE vulnerabilities found in symfony, with AI-generated Chinese analysis, references, and POCs.

Vendor: symfony

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24739 | Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations | CWE-88 | 6.3 | Medium | 2026-01-28 |
| CVE-2025-64500 | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass | CWE-647 | 7.3 | High | 2025-11-12 |
| CVE-2024-51996 | Symphony has an Authentication Bypass via RememberMe | CWE-287 | 7.5 | High | 2024-11-13 |
| CVE-2024-50340 | Ability to change environment from query in symfony/runtime | CWE-74 | 7.3 | High | 2024-11-06 |
| CVE-2024-50341 | Security::login does not take into account custom user_checker in symfony/security-bundle | CWE-287 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50342 | Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client | CWE-200 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50343 | Incorrect response from Validator when input ends with `\n` in symfony/validator | CWE-20 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50345 | Open redirect via browser-sanitized URLs in symfony/http-foundation | CWE-601 | 3.1 | Low | 2024-11-06 |
| CVE-2024-51736 | Command execution hijack on Windows with Process class in symfony/process | CWE-77 | - | - | 2024-11-06 |
| CVE-2023-46735 | Symfony potential Cross-site Scripting in WebhookController | CWE-79 | 6.1 | Medium | 2023-11-10 |
| CVE-2023-46734 | Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters | CWE-79 | 6.1 | Medium | 2023-11-10 |
| CVE-2023-46733 | Symfony possible session fixation vulnerability | CWE-384 | 6.5 | Medium | 2023-11-10 |
| CVE-2022-24894 | Symfony storing cookie headers in HttpCache | CWE-285 | 5.9 | Medium | 2023-02-03 |
| CVE-2022-24895 | Symfony vulnerable to Session Fixation of CSRF tokens | CWE-384 | 6.3 | Medium | 2023-02-03 |
| CVE-2022-23601 | CSRF token missing in Symfony | CWE-352 | 8.1 | High | 2022-02-01 |
| CVE-2021-41270 | CSV Injection in Symfony | CWE-1236 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-41267 | Webcache Poisoning in Symfony | CWE-444 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-41268 | Cookie persistence in Symfony | CWE-384 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-32693 | Authentication granted with multiple firewalls | CWE-287 | 6.8 | Medium | 2021-06-17 |
| CVE-2021-21424 | Prevent user enumeration using Guard or the new Authenticator-based Security | CWE-200 | 5.3 | Medium | 2021-05-13 |
| CVE-2020-15094 | RCE in Symfony | CWE-212 | 8.0 | High | 2020-09-02 |
| CVE-2020-5275 | Firewall configured with unanimous strategy was not actually unanimous in symfony/security-http | CWE-285 | 7.6 | High | 2020-03-30 |
| CVE-2020-5274 | Exceptions displayed in non-debug configurations in Symfony | CWE-209 | 4.6 | Medium | 2020-03-30 |
| CVE-2020-5255 | Prevent cache poisoning via a Response Content-Type header | CWE-435 | 2.6 | Low | 2020-03-30 |
