symfony/symfony vulnerabilities

The Symfony PHP framework

Latest version: v5.1.2

Licenses detected

  • license: MIT >= 0
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the symfony/symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

Report new vulnerabilities
Vulnerability Vulnerable versions Snyk patch Published
  • L
Denial of Service
>=4.4.0, <4.4.7,>=5.0.0, <5.0.7 Not available 31 Mar, 2020
  • M
Information Exposure
>=4.4.0, <4.4.4,>=5.0.0, <5.0.4 Not available 31 Mar, 2020
  • H
Improper Authorization
>=4.4.0, <4.4.7,>=5.0.0, <5.0.7 Not available 30 Mar, 2020
  • M
Timing Attack
>=2.8.0, <2.8.52,>=3.4.0, <3.4.35,>=4.2.0, <4.2.12,>=4.3.0, <4.3.8 Not available 22 Nov, 2019
  • H
Arbitrary Code Execution
>=3.4.0, <3.4.35,>=4.2.0, <4.2.12,>=4.3.0, <4.3.8 Not available 22 Nov, 2019
  • H
Arbitrary Code Execution
>=2.8.0, <2.8.52,>=3.4.0, <3.4.35,>=4.2.0, <4.2.11,>=4.3.0, <4.3.8 Not available 22 Nov, 2019
  • H
Arbitrary Code Execution
>=4.2.0, <4.2.12,>=4.3.0, <4.3.8 Not available 22 Nov, 2019
  • M
User Enumeration
>=4.2.0, <4.2.12,>=4.3.0, <4.3.8 Not available 22 Nov, 2019
  • M
Deserialization of Untrusted Data
>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 Not available 24 Apr, 2019
  • M
Arbitrary Code Execution
>=2.7.0, <2.7.51,>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 Not available 24 Apr, 2019
  • M
Improper Input Validation
>=2.7.0, <2.7.51,>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 Not available 24 Apr, 2019
  • M
Cross-site Scripting (XSS)
>=2.7.0, <2.7.51,>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 Not available 24 Apr, 2019
  • M
Access Control Bypass
>=2.7.0, <2.7.51,>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 Not available 24 Apr, 2019
  • M
Open Redirect
>=2.7.0, <2.7.50,>=2.8.0, <2.8.49,>=3.0.0, <3.4.20,>=4.0.0, <4.0.15,>=4.1.0, <4.1.9 Not available 10 Dec, 2018
  • M
Information Exposure
>=2.7.38, <2.7.50,>=2.8.0, <2.8.49,>=3.0.0, <3.4.20,>=4.0.0, <4.0.15,>=4.1.0, <4.1.9,>=4.2.0, <4.2.1 Not available 10 Dec, 2018
  • H
Host Header Injection
<2.7.49,>=2.8.0, <2.8.44,>=3.3.0, <3.3.18,>=3.4.0, <3.4.14,>=4.0.0, <4.0.14,>=4.1.0, <4.1.2 Not available 05 Aug, 2018
  • M
Access Restriction Bypass
>=2.7, <2.7.49,>=2.8, <2.8.44,>=3, <3.3.18,>=3.4, <3.4.14,>=4, <4.0.14,>=4.1, <4.1.3 Not available 02 Aug, 2018
  • M
Cross-site Scripting (XSS)
<2.7.33,>=2.8.0, <2.8.26,>=3.0.0, <3.2.13,>=3.3.0, <3.3.6 Not available 30 Jul, 2018
  • M
Cross-site Scripting (XSS)
<4.1 Not available 14 Jun, 2018
  • M
Cross-site Scripting (XSS)
<2.7.7 Not available 13 Jun, 2018
  • H
Session Fixation
<2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 Not available 30 May, 2018
  • M
Open Redirect
<2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 Not available 30 May, 2018
  • H
CSRF Token Fixation
<2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 Not available 30 May, 2018
  • H
Access Restriction Bypass
<2.8.37,>=3.0.0, <3.3.17,>=3.4.0, <3.4.7,>=4.0.0, <4.0.7 Not available 30 May, 2018
  • M
Denial of Service (DoS)
<2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 Not available 30 May, 2018
  • M
Open Redirect
>=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 Not available 04 Dec, 2017
  • M
Cross-site Request Forgery (CSRF)
>=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 Not available 04 Dec, 2017
  • H
Directory Traversal
>=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 Not available 04 Dec, 2017
  • M
Information Exposure
>=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 Not available 04 Dec, 2017