
symfony — Vulnerabilities & Security Advisories (26)

Browse all 26 CVE security advisories affecting symfony. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Symfony is an open-source PHP framework for building web applications and APIs. Its components ship as separate Composer packages (symfony/http-foundation, symfony/security-bundle, symfony/process and so on), and the UX packages listed here (ux, ux-autocomplete) belong to the same ecosystem. The twenty-six advisories below are almost all logic bugs inside the framework's own components rather than misuse by applications. The recurring classes are authentication and authorization bypass in the security component (CWE-287, CWE-285: RememberMe handling, custom user checkers, multi-firewall setups, the unanimous access strategy, PATH_INFO parsing); session fixation and cookie handling (CWE-384: sessions, CSRF tokens, cookie persistence); cross-site scripting in debug, webhook and UX rendering code (CWE-79); HTTP cache poisoning and caching of cookie headers (CWE-444, CWE-435, CWE-285); open redirect and CSRF (CWE-601, CWE-352); Windows-specific command and argument escaping in the Process component (CWE-77, CWE-88); and information disclosure (CWE-200, CWE-209). Only one entry, CVE-2020-15094, is a remote code execution. Every fix shipped as a patch release of the affected package, so the practical control is keeping installed versions current: `composer audit` (Composer 2.4 and later) checks composer.lock against published advisories, and each entry below links to the affected products and references.

Top products by symfony: symfony, ux-autocomplete, ux
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24739 | Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations | symfony | CWE-88 | 6.3 | Medium | 2026-01-28 |
| CVE-2025-64500 | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass | symfony | CWE-647 | 7.3 | High | 2025-11-12 |
| CVE-2025-47946 | symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes | ux | CWE-79 | 6.1 | Medium | 2025-05-19 |
| CVE-2024-51996 | Symfony has an Authentication Bypass via RememberMe | symfony | CWE-287 | 7.5 | High | 2024-11-13 |
| CVE-2024-50340 | Ability to change environment from query in symfony/runtime | symfony | CWE-74 | 7.3 | High | 2024-11-06 |
| CVE-2024-50341 | Security::login does not take into account custom user_checker in symfony/security-bundle | symfony | CWE-287 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50342 | Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client | symfony | CWE-200 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50343 | Incorrect response from Validator when input ends with `\n` in symfony/validator | symfony | CWE-20 | 3.1 | Low | 2024-11-06 |
| CVE-2024-50345 | Open redirect via browser-sanitized URLs in symfony/http-foundation | symfony | CWE-601 | 3.1 | Low | 2024-11-06 |
| CVE-2024-51736 | Command execution hijack on Windows with Process class in symfony/process | symfony | CWE-77 | n/a | n/a | 2024-11-06 |
| CVE-2023-46735 | Symfony potential Cross-site Scripting in WebhookController | symfony | CWE-79 | 6.1 | Medium | 2023-11-10 |
| CVE-2023-46734 | Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters | symfony | CWE-79 | 6.1 | Medium | 2023-11-10 |
| CVE-2023-46733 | Symfony possible session fixation vulnerability | symfony | CWE-384 | 6.5 | Medium | 2023-11-10 |
| CVE-2023-41336 | Prevent injection of invalid entity ids for "autocomplete" fields in symfony ux-autocomplete | ux-autocomplete | CWE-20 | 6.5 | Medium | 2023-09-11 |
| CVE-2022-24894 | Symfony storing cookie headers in HttpCache | symfony | CWE-285 | 5.9 | Medium | 2023-02-03 |
| CVE-2022-24895 | Symfony vulnerable to Session Fixation of CSRF tokens | symfony | CWE-384 | 6.3 | Medium | 2023-02-03 |
| CVE-2022-23601 | CSRF token missing in Symfony | symfony | CWE-352 | 8.1 | High | 2022-02-01 |
| CVE-2021-41270 | CSV Injection in Symfony | symfony | CWE-1236 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-41267 | Webcache Poisoning in Symfony | symfony | CWE-444 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-41268 | Cookie persistence in Symfony | symfony | CWE-384 | 6.5 | Medium | 2021-11-24 |
| CVE-2021-32693 | Authentication granted with multiple firewalls | symfony | CWE-287 | 6.8 | Medium | 2021-06-17 |
| CVE-2021-21424 | Prevent user enumeration using Guard or the new Authenticator-based Security | symfony | CWE-200 | 5.3 | Medium | 2021-05-13 |
| CVE-2020-15094 | RCE in Symfony | symfony | CWE-212 | 8.0 | High | 2020-09-02 |
| CVE-2020-5275 | Firewall configured with unanimous strategy was not actually unanimous in symfony/security-http | symfony | CWE-285 | 7.6 | High | 2020-03-30 |
| CVE-2020-5274 | Exceptions displayed in non-debug configurations in Symfony | symfony | CWE-209 | 4.6 | Medium | 2020-03-30 |
| CVE-2020-5255 | Prevent cache poisoning via a Response Content-Type header | symfony | CWE-435 | 2.6 | Low | 2020-03-30 |

CVSS and Severity are shown as n/a where the advisory carries no score.
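The CVE-2024-50343 row names the symptom (a validator answering differently when the input ends in `\n`) but not the mechanism, and this page does not describe it. A well-known cause of exactly that symptom in regex-based validators, in PHP's PCRE as in Python's `re`, is anchoring a pattern with `$`: by default `$` also matches just before a single trailing newline, so `"alice\n"` passes a check meant for `"alice"`. The following is an added Python example written for this page, not Symfony code and not a reproduction of the advisory; the pattern `[a-z]+`, the validator names and the sample inputs are constructed for illustration. It shows the weak anchor beside two hardened forms (Python's `\Z`, which corresponds to PCRE's `\z` or the `D` modifier, and `re.fullmatch`) and why the stray newline matters once the "validated" value reaches a line-oriented sink.

```python
import re

# Constructed sample inputs. The ones ending in "\n" are the edge case the
# advisory title refers to; nothing here is taken from the advisory itself.
SAMPLES = ["alice", "alice\n", "al ice", "alice\n\n", ""]

# Hypothetical identifier rule used by the validators below.
USERNAME = r"[a-z]+"


def validate_weak(value: str) -> bool:
    """Anchors with ^...$.

    In Python (and PCRE), $ matches at the end of the string OR just before a
    newline that is the last character, so "alice\\n" is accepted.
    """
    return re.match(r"^" + USERNAME + r"$", value) is not None


def validate_strict(value: str) -> bool:
    """Anchors with ^...\\Z.

    Python's \\Z matches only at the very end of the string (PCRE equivalent:
    \\z, or compile the pattern with the D modifier), so a trailing newline
    is rejected.
    """
    return re.match(r"^" + USERNAME + r"\Z", value) is not None


def validate_fullmatch(value: str) -> bool:
    """Same hardening via re.fullmatch, which needs no anchors at all."""
    return re.fullmatch(USERNAME, value) is not None


def divergent_inputs(samples: list[str]) -> list[str]:
    """Return every input on which the weak and strict validators disagree."""
    return [s for s in samples if validate_weak(s) != validate_strict(s)]


def to_record(value: str) -> str:
    """A line-oriented sink (log line, CSV row, header): one record per line.

    A value that slipped through validate_weak with a trailing newline turns
    one record into two, which is how a "harmless" newline becomes injection.
    """
    return f"user={value}\n"


def record_line_count(value: str) -> int:
    """Number of lines the sink actually emits for a single validated value."""
    return to_record(value).count("\n")


if __name__ == "__main__":
    for sample in SAMPLES:
        print(
            f"{sample!r:14} weak={validate_weak(sample)!s:5} "
            f"strict={validate_strict(sample)!s:5} "
            f"fullmatch={validate_fullmatch(sample)!s:5} "
            f"lines_emitted={record_line_count(sample)}"
        )
    print("inputs where the anchors disagree:", divergent_inputs(SAMPLES))
```

Note that `"alice\n\n"` is rejected even by the weak form: `$` tolerates exactly one trailing newline, which is why the bug is easy to miss in tests that only try obviously malformed input. When reviewing PHP validators, search for `$/` at the end of `preg_match` patterns and prefer `\z` or the `D` modifier.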

This page lists every published CVE security advisory associated with symfony. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.