Package impact
Packagist / symfony/symfony
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45072 | low | — | 2.5 | | | | 15d ago | Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering |
| CVE-2026-45071 | low | — | 2.5 | | | | 15d ago | Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true |
| CVE-2026-45133 | low | — | 2.5 | | | | 15d ago | Symfony hardened the parser when handling untrusted input |
| CVE-2026-45304 | low | — | 2.5 | | | | 15d ago | Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs") |
| CVE-2026-45305 | low | — | 2.5 | | | | 15d ago | Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex |