symfony — Vulnerabilities & Security Advisories (26)

Browse all 26 CVE security advisories affecting symfony. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by symfony: symfony, ux-autocomplete, ux

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24739 | Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations | symfony | CWE-88 | 6.3 | Medium | 2026-01-28 |
| CVE-2025-64500 | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass | symfony | CWE-647 | 7.3 | High | 2025-11-12 |
| CVE-2025-47946 | symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes | ux | CWE-79 | 6.1 | Medium | 2025-05-19 |
| CVE-2024-51996 | Symfony has an Authentication Bypass via RememberMe | symfony | CWE-287 | 7.5 | High | 2024-11-13 |
| CVE-2024-50340 | Ability to change environment from query in symfony/runtime | symfony | CWE-74 | 7.3 | High | 2024-11-06 |
| CVE-2024-50341 | Security::login does not take into account custom user_checker in symfony/security-bundle | symfony | CWE-287 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50342 | Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client | symfony | CWE-200 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50343 | Incorrect response from Validator when input ends with `\n` in symfony/validator | symfony | CWE-20 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50345 | Open redirect via browser-sanitized URLs in symfony/http-foundation | symfony | CWE-601 | 3.1 | Low | 2024-11-06 |
| CVE-2024-51736 | Command execution hijack on Windows with Process class in symfony/process | symfony | CWE-77 | - | - | 2024-11-06 |
| CVE-2023-46735 | Symfony potential Cross-site Scripting in WebhookController | symfony | CWE-79 | 6.1 | Medium | 2023-11-10 |
| CVE-2023-46734 | Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters | symfony | CWE-79 | 6.1 | Medium | 2023-11-10 |
| CVE-2023-46733 | Symfony possible session fixation vulnerability | symfony | CWE-384 | 6.5 | Medium | 2023-11-10 |
| CVE-2023-41336 | Prevent injection of invalid entity ids for "autocomplete" fields in symfony ux-autocomplete | ux-autocomplete | CWE-20 | 6.5 | Medium | 2023-09-11 |
| CVE-2022-24894 | Symfony storing cookie headers in HttpCache | symfony | CWE-285 | 5.9 | Medium | 2023-02-03 |
| CVE-2022-24895 | Symfony vulnerable to Session Fixation of CSRF tokens | symfony | CWE-384 | 6.3 | Medium | 2023-02-03 |
| CVE-2022-23601 | CSRF token missing in Symfony | symfony | CWE-352 | 8.1 | High | 2022-02-01 |
| CVE-2021-41270 | CSV Injection in Symfony | symfony | CWE-1236 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-41267 | Webcache Poisoning in Symfony | symfony | CWE-444 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-41268 | Cookie persistence in Symfony | symfony | CWE-384 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-32693 | Authentication granted with multiple firewalls | symfony | CWE-287 | 6.8 | Medium | 2021-06-17 |
| CVE-2021-21424 | Prevent user enumeration using Guard or the new Authenticator-based Security | symfony | CWE-200 | 5.3 | Medium | 2021-05-13 |
| CVE-2020-15094 | RCE in Symfony | symfony | CWE-212 | 8.0 | High | 2020-09-02 |
| CVE-2020-5275 | Firewall configured with unanimous strategy was not actually unanimous in symfony/security-http | symfony | CWE-285 | 7.6 | High | 2020-03-30 |
| CVE-2020-5274 | Exceptions displayed in non-debug configurations in Symfony | symfony | CWE-209 | 4.6 | Medium | 2020-03-30 |
| CVE-2020-5255 | Prevent cache poisoning via a Response Content-Type header | symfony | CWE-435 | 2.6 | Low | 2020-03-30 |

This page lists every published CVE security advisory associated with symfony. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.