FLAT-NYA4F (CVE-2026-47212)
Authentication mechanism absence or evasion In symfony/symfony
4.6
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-UOWS6 (CVE-2026-46644)
Lack of data validation - Path Traversal In symfony/polyfill-intl-idn
2.7
Low
Ecosystem: Packagist
Package: symfony/polyfill-intl-idn
FLAT-KRBJF (CVE-2026-45756)
Asymmetric denial of service - ReDoS In symfony/json-path
2.7
Low
Ecosystem: Packagist
Package: symfony/json-path
FLAT-LVZ32 (CVE-2026-45755)
Insufficient data authenticity validation In symfony/mailtrap-mailer
6.6
Medium
Ecosystem: Packagist
Package: symfony/mailtrap-mailer
FLAT-V1Y53 (CVE-2026-45754)
Authentication mechanism absence or evasion In symfony/mailjet-mailer
6.6
Medium
Ecosystem: Packagist
Package: symfony/mailjet-mailer
FLAT-B5WP8 (CVE-2026-45753)
Reflected cross-site scripting (XSS) In symfony/symfony
1.2
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-MEUK7 (CVE-2026-45305)
Asymmetric denial of service - ReDoS In symfony/yaml
2.7
Low
Ecosystem: Packagist
Package: symfony/yaml
FLAT-OCAF7 (CVE-2026-45304)
Asymmetric denial of service In symfony/symfony
2.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-UY8M8 (CVE-2026-45133)
Asymmetric denial of service - ReDoS In symfony/yaml
2.7
Low
Ecosystem: Packagist
Package: symfony/yaml
FLAT-4RD7H (CVE-2026-45077)
Insecure deserialization In symfony/monolog-bridge
8.1
High
Ecosystem: Packagist
Package: symfony/monolog-bridge
FLAT-XOJZX (CVE-2026-45075)
Authentication mechanism absence or evasion In symfony/security-http
6.2
Medium
Ecosystem: Packagist
Package: symfony/security-http
FLAT-PJBV7 (CVE-2026-45074)
Spoofing In symfony/symfony
6.6
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-O05T4 (CVE-2026-45073)
SQL injection - Code In symfony/cache
5.0
Medium
Ecosystem: Packagist
Package: symfony/cache
FLAT-L3WKP (CVE-2026-45072)
Server side cross-site scripting In symfony/web-profiler-bundle
1.2
Low
Ecosystem: Packagist
Package: symfony/web-profiler-bundle
FLAT-M421A (CVE-2026-45071)
XML injection (XXE) In symfony/symfony
1.3
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-D8N9B (CVE-2026-45070)
Lack of data validation In symfony/mime
4.9
Medium
Ecosystem: Packagist
Package: symfony/mime
FLAT-SUPZD (CVE-2026-45069)
Insufficient data authenticity validation In symfony/symfony
4.9
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-9UW9M (CVE-2026-45068)
Insecure functionality In symfony/symfony
6.2
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-HOGNL (CVE-2026-45067)
Lack of data validation In symfony/mime
4.9
Medium
Ecosystem: Packagist
Package: symfony/mime
FLAT-NXWDU (CVE-2026-45066)
Lack of data validation In symfony/html-sanitizer
0.6
Low
Ecosystem: Packagist
Package: symfony/html-sanitizer
FLAT-7E7E7 (CVE-2026-45064)
Clickjacking In symfony/html-sanitizer
2.7
Low
Ecosystem: Packagist
Package: symfony/html-sanitizer
FLAT-Q59ND (CVE-2026-45065)
Asymmetric denial of service - ReDoS In symfony/symfony
1.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-0FWDE (CVE-2026-45063)
Spoofing In symfony/symfony
6.6
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-1GKWW (GHSA-ghc5-95c2-vwcv)
Insecure generation of random numbers In auth0/symfony
8.1
High
Ecosystem: Packagist
Package: auth0/symfony
FLAT-XWV0S (CVE-2026-24739)
Insecure functionality In symfony/symfony
4.1
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-3OLRK (GHSA-f3r2-88mq-9v4g)
Insufficient data authenticity validation In auth0/symfony
7.5
High
Ecosystem: Packagist
Package: auth0/symfony
FLAT-V57PE (CVE-2025-64500)
Authentication mechanism absence or evasion In symfony
2.7
Low
Ecosystem: Debian
Package: symfony
FLAT-J5CRG (GHSA-7jp2-5h22-m432)
Insecure file upload In auth0/symfony
0.5
Low
Ecosystem: Packagist
Package: auth0/symfony
FLAT-3OG45 (MAL-2025-34325)
Use of software with malware In symfonyc
5.2
Medium
Ecosystem: Npm
Package: symfonyc
FLAT-C6MJV (GHSA-98j6-67v3-mw34)
Insecure deserialization In auth0/symfony
8.0
High
Ecosystem: Packagist
Package: auth0/symfony
FLAT-Q3AA9 (DLA-4200-1)
Insecure service configuration In symfony
0.6
Low
Ecosystem: Debian
Package: symfony
FLAT-TM2PQ (CVE-2025-47946)
Reflected cross-site scripting (XSS) In symfony/ux-live-component
1.3
Low
Ecosystem: Packagist
Package: symfony/ux-live-component
FLAT-GOTEG (GHSA-9wg9-93h9-j8ch)
Improper authorization control for web services In auth0/symfony
8.0
High
Ecosystem: Packagist
Package: auth0/symfony
FLAT-G4B5Y (CVE-2024-36610)
Lack of data validation In symfony/var-dumper
0.0
None
Ecosystem: Packagist
Package: symfony/var-dumper
FLAT-05W0I (CVE-2024-36611)
Authentication mechanism absence or evasion In symfony/security-http
6.8
Medium
Ecosystem: Packagist
Package: symfony/security-http
FLAT-BNZ0Y (DSA-5813-1)
Improper authorization control for web services In symfony
2.7
Low
Ecosystem: Debian
Package: symfony
FLAT-1O74M (CVE-2024-51996)
Authentication mechanism absence or evasion In symfony/security-http
6.6
Medium
Ecosystem: Packagist
Package: symfony/security-http
FLAT-MFF9X (DSA-5809-1)
Improper authorization control for web services In symfony
2.7
Low
Ecosystem: Debian
Package: symfony
FLAT-0MAIK (CVE-2024-50345)
Cross-site request forgery In symfony
0.6
Low
Ecosystem: Debian
Package: symfony
FLAT-IF7O0 (CVE-2024-50343)
Lack of data validation In symfony
0.6
Low
Ecosystem: Debian
Package: symfony
FLAT-FHQNL (CVE-2024-50341)
Authentication mechanism absence or evasion In symfony
0.6
Low
Ecosystem: Debian
Package: symfony
FLAT-ZRGKW (CVE-2024-50342)
Business information leak In symfony
0.6
Low
Ecosystem: Debian
Package: symfony
FLAT-406OM (CVE-2024-50340)
Lack of data validation In symfony
2.7
Low
Ecosystem: Debian
Package: symfony
FLAT-XQYYE (CVE-2024-51736)
Server side template injection In symfony/symfony
6.1
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-TPDVP (GHSA-4vf2-qfg3-7598)
XML injection (XXE) In symfony/validator
6.6
Medium
Ecosystem: Packagist
Package: symfony/validator
FLAT-7AYKO (GHSA-f75p-x5vm-83qp)
XML injection (XXE) In symfony/translation
6.6
Medium
Ecosystem: Packagist
Package: symfony/translation
FLAT-88OXC (CVE-2014-6072)
Server side template injection In symfony/web-profiler-bundle
7.2
High
Ecosystem: Packagist
Package: symfony/web-profiler-bundle
FLAT-7AF8G (GHSA-hx53-jchx-cr52)
Insecure functionality In symfony/symfony
4.6
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-FRHEW (GHSA-q2gc-gg3x-7942)
XML injection (XXE) In symfony/symfony
6.6
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-YJ9N8 (GHSA-mmcv-fvq8-r9x3)
Insecure deserialization In symfony/symfony
8.1
High
Ecosystem: Packagist
Package: symfony/symfony
FLAT-FUQOT (GHSA-7mx2-7q8p-pgmw)
Authentication mechanism absence or evasion In symfony/symfony
4.9
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-KU3KC (GHSA-j68w-pg49-f6vx)
XML injection (XXE) In symfony/serializer
6.3
Medium
Ecosystem: Packagist
Package: symfony/serializer
FLAT-AR6D2 (GHSA-rjpm-qmq7-q85w)
XML injection (XXE) In symfony/routing
7.7
High
Ecosystem: Packagist
Package: symfony/routing
FLAT-IDIGQ (CVE-2014-5245)
Sensitive information sent insecurely In symfony/http-kernel
6.6
Medium
Ecosystem: Packagist
Package: symfony/http-kernel
FLAT-QRC2L (CVE-2015-2309)
Lack of data validation In symfony/http-foundation
2.7
Low
Ecosystem: Packagist
Package: symfony/http-foundation
FLAT-IAIKH (CVE-2014-6061)
Lack of data validation In symfony/symfony
2.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-ROVUN (CVE-2014-5244)
Asymmetric denial of service - ReDoS In symfony/http-foundation
6.6
Medium
Ecosystem: Packagist
Package: symfony/http-foundation
FLAT-SLX75 (GHSA-vfm6-r2gc-pwww)
Use of insecure channel - Source code In symfony/http-foundation
0.5
Low
Ecosystem: Packagist
Package: symfony/http-foundation
FLAT-PTXJE (CVE-2014-4931)
Server side template injection In symfony/symfony
6.6
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-F2DSV (GHSA-c636-cg5r-2498)
XML injection (XXE) In symfony/dependency-injection
6.6
Medium
Ecosystem: Packagist
Package: symfony/dependency-injection
FLAT-4URJ5 (GHSA-8wx3-8m4x-g5h4)
Improper authorization control for web services In friendsofsymfony/user-bundle
2.7
Low
Ecosystem: Packagist
Package: friendsofsymfony/user-bundle
FLAT-26OGD (GHSA-6mjq-9x4w-m3w9)
Session Fixation In friendsofsymfony/user-bundle
1.3
Low
Ecosystem: Packagist
Package: friendsofsymfony/user-bundle
FLAT-0C26H (GHSA-pjx8-984p-7p3x)
Insecure generation of random numbers In friendsofsymfony/user-bundle
0.6
Low
Ecosystem: Packagist
Package: friendsofsymfony/user-bundle
FLAT-Y5NG6 (GHSA-p9fg-j6ww-953m)
Lack of data validation In friendsofsymfony/rest-bundle
1.3
Low
Ecosystem: Packagist
Package: friendsofsymfony/rest-bundle
FLAT-IE86K (GHSA-xm3x-4ph3-3x9c)
Cross-site request forgery In friendsofsymfony/oauth2-php
1.3
Low
Ecosystem: Packagist
Package: friendsofsymfony/oauth2-php
FLAT-4619P (CVE-2024-28861)
Insecure deserialization In friendsofsymfony1/symfony1
1.7
Low
Ecosystem: Packagist
Package: friendsofsymfony1/symfony1
FLAT-RUYA2 (CVE-2024-28859)
Insecure deserialization In friendsofsymfony1/swiftmailer
0.6
Low
Ecosystem: Packagist
Package: friendsofsymfony1/swiftmailer
FLAT-PYKRB (CVE-2024-13250)
Cross-site request forgery In drupal/symfony_mailer_lite
1.1
Low
Ecosystem: Packagist
Package: drupal/symfony_mailer_lite
FLAT-G2CF1 (DLA-3664-1)
Improper authorization control for web services In symfony
2.7
Low
Ecosystem: Debian
Package: symfony
FLAT-XOV8L (CVE-2023-46735)
Server side cross-site scripting In symfony/symfony
1.3
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-0PG8V (CVE-2023-46734)
Reflected cross-site scripting (XSS) In symfony/twig-bridge
1.3
Low
Ecosystem: Packagist
Package: symfony/twig-bridge
FLAT-OY7ME (CVE-2023-46733)
Session Fixation In symfony/security-http
4.9
Medium
Ecosystem: Packagist
Package: symfony/security-http
FLAT-GGLH2 (CVE-2023-41336)
Lack of data validation In symfony/ux-autocomplete
2.7
Low
Ecosystem: Packagist
Package: symfony/ux-autocomplete
FLAT-7FVJE (DRUPAL-CONTRIB-2023-031)
Cross-site request forgery In drupal/symfony_mailer
0.5
Low
Ecosystem: Packagist
Package: drupal/symfony_mailer
FLAT-V1IAU (DLA-3493-1)
Improper authorization control for web services In symfony
2.7
Low
Ecosystem: Debian
Package: symfony
FLAT-0CB0K (CVE-2022-24895)
Session Fixation In symfony
1.3
Low
Ecosystem: Debian
Package: symfony
FLAT-G7U31 (CVE-2022-24894)
Improper authorization control for web services In symfony
6.1
Medium
Ecosystem: Debian
Package: symfony
FLAT-X5QJ0 (CVE-2017-11365)
Improper authorization control for web services In symfony/security
8.1
High
Ecosystem: Packagist
Package: symfony/security
FLAT-R0MAH (CVE-2012-6432)
Improper authorization control for web services In symfony/symfony
2.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-PB60M (CVE-2012-6431)
Improper authorization control for web services In symfony/routing
2.7
Low
Ecosystem: Packagist
Package: symfony/routing
FLAT-71HUF (CVE-2013-5750)
Asymmetric denial of service In friendsofsymfony/user-bundle
6.6
Medium
Ecosystem: Packagist
Package: friendsofsymfony/user-bundle
FLAT-LYQEG (CVE-2013-5958)
Lack of data validation - Path Traversal In symfony/polyfill
1.3
Low
Ecosystem: Packagist
Package: symfony/polyfill
FLAT-EC39Y (CVE-2016-1902)
Race condition In symfony/security
6.6
Medium
Ecosystem: Packagist
Package: symfony/security
FLAT-ZT66H (CVE-2016-4423)
Asymmetric denial of service In symfony/security
6.6
Medium
Ecosystem: Packagist
Package: symfony/security
FLAT-QGQYW (CVE-2015-2308)
Server side template injection In symfony/symfony
1.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-A43UD (CVE-2015-8125)
Lack of data validation - Path Traversal In symfony/symfony
2.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-1NXJ4 (CVE-2015-4050)
Improper authorization control for web services In symfony/symfony
2.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-CVPBZ (CVE-2013-1348)
Server side template injection In symfony/yaml
2.7
Low
Ecosystem: Packagist
Package: symfony/yaml
FLAT-SNZLH (CVE-2013-1397)
Server side template injection In symfony/symfony
2.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-N6S2R (CVE-2018-11407)
Authentication mechanism absence or evasion In symfony/security
8.1
High
Ecosystem: Packagist
Package: symfony/security
FLAT-5GA5I (CVE-2016-2403)
Authentication mechanism absence or evasion In symfony/security-core
8.1
High
Ecosystem: Packagist
Package: symfony/security-core
FLAT-EF6QM (CVE-2015-8124)
Session Fixation In symfony/security
0.6
Low
Ecosystem: Packagist
Package: symfony/security
FLAT-0YVKY (CVE-2017-16790)
Server-side request forgery (SSRF) In symfony/form
5.8
Medium
Ecosystem: Packagist
Package: symfony/form
FLAT-NZF0A (CVE-2018-14774)
Lack of data validation In symfony/symfony
2.7
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-168AQ (CVE-2018-11385)
Session Fixation In symfony/security-http
7.2
High
Ecosystem: Packagist
Package: symfony/security-http
FLAT-IB70D (CVE-2017-16652)
Uncontrolled external site redirect In symfony/security
1.3
Low
Ecosystem: Packagist
Package: symfony/security
FLAT-YON44 (CVE-2017-16654)
Lack of data validation - Path Traversal In symfony/symfony
6.6
Medium
Ecosystem: Packagist
Package: symfony/symfony
FLAT-ZISAD (CVE-2018-11408)
Uncontrolled external site redirect In symfony/symfony
1.3
Low
Ecosystem: Packagist
Package: symfony/symfony
FLAT-LT9F2 (CVE-2018-11386)
Session Fixation In symfony/http-foundation
4.6
Medium
Ecosystem: Packagist
Package: symfony/http-foundation
FLAT-9IKBK (CVE-2018-11406)
Insecure session management In symfony/security-http
6.3
Medium
Ecosystem: Packagist
Package: symfony/security-http