VIR Vulnerability Intelligence Relay

Package impact

php Packagist / symfony/symfony

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45067 high 8.0 16d ago Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
CVE-2026-45063 high 8.0 16d ago Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
CVE-2026-45077 high 8.0 16d ago Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
CVE-2016-4423 high 7.5 7.5 10y ago The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x befo…
CVE-2016-1902 high 7.5 7.5 10y ago The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the par…
CVE-2015-8125 high 7.5 11y ago Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/…
CVE-2013-1397 high 7.5 12y ago Symfony Arbitrary PHP code Execution
CVE-2013-1348 high 7.5 12y ago Symphony Vulnerable to PHP Code Injection via YAML Parsing
CVE-2026-45072 low 2.5 16d ago Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering
CVE-2026-45071 low 2.5 16d ago Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
CVE-2026-45133 low 2.5 16d ago Symfony hardened the parser when handling untrusted input
CVE-2026-45304 low 2.5 16d ago Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
CVE-2026-45305 low 2.5 16d ago Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex