Filters
Versions
2.8.0
21
2.7.0
18
3.4.0
15
3.3.0
12
4.2.0
12
2.0.0
11
4.0.0
10
4.1.0
10
5.0.0
8
2.0.1
6
2.0.10
6
2.0.11
6
2.0.12
6
2.0.13
6
2.0.14
6
2.0.15
6
2.0.16
6
2.0.17
6
2.0.18
6
2.0.19
6
2.0.2
6
2.0.3
6
2.0.4
6
2.0.5
6
2.0.6
6
2.0.7
6
2.0.8
6
2.0.9
6
2.1.0
6
2.0.20
5
2.2.0
5
2.3.0
5
2.6.0
5
2.6.1
5
2.6.3
5
2.6.4
5
2.6.5
5
3.0.0
5
4.3.0
5
6.0.0
5
2.0.21
4
2.1.1
4
2.1.2
4
2.1.3
4
2.3.19
4
2.3.20
4
2.3.21
4
2.3.22
4
2.3.23
4
2.3.24
4
2.3.25
4
2.3.26
4
2.6.6
4
2.6.7
4
2.7.1
4
2.7.2
4
2.7.3
4
2.7.4
4
2.7.5
4
2.7.6
4
4.2.11
4
4.3.7
4
4.4.0
4
2.1.4
3
2.1.5
3
2.1.6
3
2.2.1
3
2.2.2
3
2.2.3
3
2.2.4
3
2.2.5
3
2.2.6
3
2.2.8
3
2.3.1
3
2.3.2
3
2.3.27
3
2.3.28
3
2.3.3
3
2.3.4
3
2.3.5
3
2.6.10
3
2.6.11
3
2.6.2
3
2.6.8
3
2.6.9
3
2.7.37
3
3.2.0
3
3.2.13
3
3.3.12
3
3.4.34
3
1.4.0
2
1.4.0-rc1
2
1.4.0-rc2
2
1.4.1
2
1.4.10
2
1.4.11
2
1.4.12
2
1.4.13
2
1.4.14
2
1.4.15
2
1.4.16
2
1.4.17
2
1.4.2
2
1.4.3
2
1.4.4
2
1.4.5
2
1.4.6
2
1.4.7
2
1.4.8
2
1.4.9
2
2.0.22
2
2.1.7
2
2.2-dev
2
2.2.10
2
2.2.11
2
2.2.9
2
2.3.10
2
2.3.11
2
2.3.12
2
2.3.13
2
2.3.14
2
2.3.15
2
2.3.16
2
2.3.17
2
2.3.18
2
2.3.29
2
2.3.30
2
2.3.31
2
2.3.32
2
2.3.33
2
2.3.34
2
2.3.6
2
2.3.7
2
2.3.8
2
2.3.9
2
2.4.10
2
2.4.9
2
2.5.10
2
2.5.4
2
2.5.5
2
2.5.6
2
2.5.7
2
2.5.8
2
2.5.9
2
2.7.48
2
2.7.7
2
2.7.8
2
2.8.1
2
2.8.2
2
2.8.3
2
2.8.4
2
2.8.43
2
2.8.5
2
2.8.50
2
3.0.1
2
3.0.2
2
3.0.3
2
3.0.4
2
3.0.5
2
3.3.17
2
3.4.13
2
3.8.0
2
3.8.30
2
4.0.13
2
4.1.2
2
5.3.0
2
6.1.0
2
6.2.0
2
1.4.18
1
1.4.19
1
2.0.23
1
2.0.24
1
2.1.10
1
2.1.11
1
2.1.12
1
2.1.8
1
2.1.9
1
2.3.36
1
2.3.40
1
2.4.1
1
2.4.2
1
2.4.3
1
2.4.4
1
2.4.5
1
2.4.6
1
2.4.7
1
2.4.8
1
2.5.1
1
2.5.11
1
2.5.2
1
2.5.3
1
2.6.12
1
2.7.10
1
2.7.11
1
2.7.12
1
2.7.30
1
2.7.9
1
2.8.23
1
2.8.30
1
3.2.10
1
3.3.3
1
3.3.6
1
5.1.0
1
5.2.0
1
5.4.0
1
5.4.21
1
6.2.7
1
composer/symfony/symfonySymfony potential Cross-site Scripting in WebhookController
6.1
First published (updated )
SensioLabs SymfonySymfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
6.1
First published (updated )
composer/symfony/symfonySymfony possible session fixation vulnerability
6.5
First published (updated )
SensioLabs SymfonySymfony vulnerable to Session Fixation of CSRF tokens
8.8
First published (updated )
SensioLabs SymfonySymfony storing cookie headers in HttpCache
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/symfony/framework-bundleCSRF token missing in Symfony
8.8
First published (updated )
composer/symfony/symfonyCookie persistence in Symfony
8.8
First published (updated )
composer/symfony/http-kernelWebcache Poisoning in Symfony
6.5
First published (updated )
composer/symfony/security-httpAuthentication granted with multiple firewalls
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/symfony/symfonyPrevent user enumeration using Guard or the new Authenticator-based Security
5.3
First published (updated )
composer/symfony/security-httpFirewall configured with unanimous strategy was not actually unanimous in symfony/security-http
8.1
First published (updated )
composer/symfony/http-foundationPrevent cache poisoning via a Response Content-Type header
4.3
First published (updated )
composer/symfony/symfonyExceptions displayed in non-debug configurations in Symfony
5.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
SensioLabs SymfonyCVE-2019-18886: Prevent user enumeration using switch user functionality
5.3
First published (updated )
composer/symfony/symfonyCVE-2019-18887: Use constant time comparison in UriSigner
8.1
First published (updated )
SensioLabs SymfonyCVE-2019-11325: Fix escaping of strings in VarExporter
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/symfony/dependency-injectionSQL Injection
9.8
First published (updated )
composer/symfony/symfonyPossible deserialization side-effects in symfony/cache
7.1
First published (updated )
SensioLabs SymfonyCVE-2019-10911: Add a separator in the remember me cookie hash
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/symfony/securityCVE-2018-19790: Open Redirect Vulnerability on login
6.1
First published (updated )
composer/symfony/http-foundationCVE-2018-14773: Remove support for legacy and risky HTTP headers
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/symfony/symfonyCVE-2018-11385: Session Fixation Issue for Guard Authentication
8.1
First published (updated )
composer/symfony/securityCVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password
9.8
First published (updated )
composer/symfony/symfonyCVE-2018-11408: Open redirect vulnerability on security handlers
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/symfony/symfonyCVE-2018-11386: Denial of service when using PDOSessionHandler
5.9
First published (updated )
composer/symfony/symfonyCVE-2017-16652: Open redirect vulnerability on security handlers
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/symfony/security-coreCVE-2017-11365: Empty passwords validation issue
9.8
First published (updated )
SensioLabs SymfonyCVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password
9.8
First published (updated )
SensioLabs SymfonyCVE-2016-4423: Large username storage in session
7.5
First published (updated )
SensioLabs SymfonyCVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
SensioLabs SymfonyCVE-2015-8124: Session Fixation in the "Remember Me" Login Feature
6.8
First published (updated )
SensioLabs SymfonyCVE-2015-4050: ESI unauthorized access
4.3
First published (updated )
SensioLabs SymfonyPossible DOS attack with long user-submitted passwords
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.