Browse all 26 CVE security advisories affecting Symfony. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Symfony is an open-source PHP web framework designed to accelerate the development of web applications and APIs. With twenty-six recorded CVEs, its security history reflects typical risks associated with complex server-side logic. Common vulnerability classes include remote code execution, cross-site scripting, and improper access control, often stemming from input validation failures or insecure deserialization practices. The framework’s modular architecture allows developers to integrate security components, yet misconfigurations in routing or session handling have historically led to privilege escalation incidents. Notable security characteristics involve its robust dependency management, which mitigates supply chain risks, though outdated versions remain susceptible to known exploits. Security audits frequently highlight the importance of keeping dependencies updated to prevent exploitation of legacy code paths.
CVE-2025-64500 (2025-11-14)

Showing up to 20 recent security advisories.
This page lists every published CVE security advisory associated with Symfony. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.