Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Symfony Number Of NVD 85 CRITICAL 10 HIGH 33 MEDIUM 42 LOW 0
URL https://symfony.com/
Explanation Symfony is a framework that provides the necessary components to develop web applications quickly and easily in PHP.
It is based on Model View Controller (MVC).
It has been in development since December 2004 and has a large user base.
It is a framework suitable for large scale development with PHP.

Normal release is 8 months for bug fixes and 14 months for security fixes.
Long-term support includes bug fixes for 3 years and security fixes for 4 years.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://symfony.com/download
2 https://symfony.com/releases

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
1 Symfony 8.1 8.1.1 June 27, 2026 May 29, 2026 Dec. 31, 2026 0 0 0 0
2 Symfony 7.1 7.1.11 Jan. 29, 2025 May 31, 2024 Jan. 31, 2025 1 10 10 0
3 Symfony 7.0 7.0.10 July 26, 2024 Nov. 29, 2023 July 31, 2024 1 9 10 0
4 Symfony 6.4(LTS) 6.4.29 Nov. 12, 2025 Nov. 29, 2023 June 28, 2027 2 9 10 0
5 Symfony 6.3 6.3.12 Jan. 30, 2024 May 30, 2023 Jan. 31, 2024 2 8 11 0
6 Symfony 6.2 6.2.14 July 31, 2023 Nov. 30, 2022 July 30, 2023 1 10 11 0
7 Symfony 6.1 6.1.12 Feb. 1, 2023 May 27, 2022 Jan. 31, 2023 1 10 10 0
8 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 July 31, 2022 1 11 5 0
9 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 Jan. 31, 2023 1 11 5 0
10 Symfony 5.4(LTS) 5.4.50 Nov. 12, 2025 Nov. 29, 2021 Nov. 30, 2024 1 12 4 0
11 Symfony 5.3 5.3.16 March 1, 2022 May 31, 2021 Jan. 31, 2022 1 13 6 0
12 Symfony 5.2 5.2.14 July 29, 2021 Nov. 30, 2020 July 31, 2021 1 11 7 0
13 Symfony 5.1 5.1.11 Jan. 27, 2021 May 31, 2020 Jan. 31, 2021 1 12 6 0
14 Symfony 5.0 5.0.11 July 24, 2020 Nov. 21, 2019 Nov. 30, 2019 July 31, 2020 1 12 8 0
15 Symfony 4.4(LTS) 4.4.51 Nov. 10, 2023 Nov. 21, 2019 Nov. 30, 2022 Nov. 30, 2023 1 13 8 0
16 Symfony 4.3 4.3.11 Jan. 31, 2020 May 30, 2019 Jan. 31, 2020 July 31, 2020 3 13 7 0
17 Symfony 4.2 4.2.12 Nov. 13, 2019 Nov. 30, 2018 July 31, 2019 Jan. 31, 2020 5 15 10 0
18 Symfony 4.1 4.1.12 April 17, 2019 May 30, 2018 Jan. 31, 2019 July 31, 2019 3 14 10 0
19 Symfony 4.0 4.0.15 Dec. 6, 2018 Nov. 30, 2017 July 31, 2018 Jan. 31, 2019 2 14 10 0
20 Symfony 3.4 3.4.49 May 19, 2021 Nov. 30, 2017 Nov. 30, 2020 Nov. 30, 2020 5 19 12 0
21 Symfony 8.0 8.2 3 12 13 0
22 Symfony 7.0 7.4 1 9 10 0
23 Symfony 3.3 3.3.9 3 15 15 0
24 Symfony 3.2 3.2.9 2 12 10 0
25 Symfony 3.1 3.1.9 1 11 8 0
26 Symfony 3.0 3.0.9 2 12 8 0
27 Symfony 2.8 2.8.9 6 19 13 0
28 Symfony 2.7 2.7.9 4 19 13 0
29 Symfony 2.6 2.6.9 1 13 8 0
30 Symfony 2.5 2.5.9 1 11 7 0
31 Symfony 2.4 2.4.9 1 11 7 0
32 Symfony 2.3 2.3.9 1 15 10 0
33 Symfony 2.2 2.2.9 1 15 9 0
34 Symfony 2.1 2.1.9 1 15 9 0
35 Symfony 2.0 2.0.9 1 16 10 0
36 Symfony 1.4 1.4.9 1 11 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
1 6.1
-
MEDIUM
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment enco… New CWE-172
CWE-601
 Encoding Error
Open Redirect
CVE-2026-48784 cpe:2.3:a:sensiolabs:symfony:*:*
6.0.0
7.0.0
8.0.0






5.4.53
6.4.41
7.4.13
8.0.13
2026-07-15 23:44
2026-07-15
Show GitHub Exploit DB Packet Storm
2 6.1
-
MEDIUM
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes() omitted … New CWE-79
CWE-1023
Cross-site Scripting
 Incomplete Comparison with Missing Factors
CVE-2026-48761 cpe:2.3:a:sensiolabs:symfony:*:* 6.1.0
7.0.0
8.0.0




6.4.41
7.4.13
8.0.13
2026-07-15 23:45
2026-07-15
Show GitHub Exploit DB Packet Storm
3 6.1
-
MEDIUM
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse() rejected raw BiDi formatting chara… New CWE-451
CWE-1007
 User Interface (UI) Misrepresentation of Critical Information
 Insufficient Visual Distinction of Homoglyphs Presented to User
CVE-2026-48760 cpe:2.3:a:sensiolabs:symfony:*:* 6.1.0
7.0.0
8.0.0




6.4.41
7.4.13
8.0.13
2026-07-16 00:16
2026-07-15
Show GitHub Exploit DB Packet Storm
4 5.3
-
MEDIUM
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature() parsed X-MOM-Webhook-Signature… New CWE-347
CWE-757
 Improper Verification of Cryptographic Signature
Algorithm Downgrade
CVE-2026-48747 cpe:2.3:a:sensiolabs:symfony:*:* 7.2.0
8.0.0


7.4.13
8.0.13
2026-07-16 00:16
2026-07-15
Show GitHub Exploit DB Packet Storm
5 8.6
-
HIGH
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATE_SUB… New CWE-184
CWE-918
 Incomplete Blacklist
Server-Side Request Forgery (SSRF) 
CVE-2026-48736 cpe:2.3:a:sensiolabs:symfony:*:* 5.4.0
6.4.0
7.0.0
8.0.0






5.4.43
6.4.41
7.4.13
8.0.13
2026-07-16 12:12
2026-07-15
Show GitHub Exploit DB Packet Storm
6 7.5
-
HIGH
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, DefaultAuthenticationFailureHandler honored the request-… New CWE-863
 Incorrect Authorization
CVE-2026-48489 cpe:2.3:a:sensiolabs:symfony:*:*
6.0.0
7.0.0
8.0.0






5.4.53
6.4.41
7.4.13
8.0.13
2026-07-17 00:16
2026-07-15
Show GitHub Exploit DB Packet Storm
7 5.3
-
MEDIUM
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse() received the configured webhook s… New CWE-306
CWE-347
Missing Authentication for Critical Function
 Improper Verification of Cryptographic Signature
CVE-2026-47212 cpe:2.3:a:sensiolabs:symfony:*:* 6.4.0
7.0.0
8.0.0




6.4.40
7.4.12
8.0.12
2026-07-16 00:03
2026-07-15
Show GitHub Exploit DB Packet Storm
8 7.5
-
HIGH
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent() set DOMDocument::$validateOnPar… New CWE-611
XXE
CVE-2026-45071 cpe:2.3:a:sensiolabs:symfony:*:*
6.0.0
7.0.0
8.0.0






5.4.52
6.4.40
7.4.12
8.0.12
2026-07-16 00:16
2026-07-15
Show GitHub Exploit DB Packet Storm
9 7.5
-
HIGH
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresse… New CWE-88
Argument Injection
CVE-2026-45068 cpe:2.3:a:sensiolabs:symfony:*:*
6.0.0
7.0.0
8.0.0






5.4.52
6.4.40
7.4.12
8.0.12
2026-07-15 23:18
2026-07-15
Show GitHub Exploit DB Packet Storm
10 9.8
-
CRITICAL
Network
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsi… New CWE-436
 Interpretation Conflict
CVE-2026-47767 cpe:2.3:a:sensiolabs:symfony:*:* 5.4.46
6.4.14
7.1.7
8.0.0






5.4.52
6.4.40
7.4.12
8.0.12
2026-07-17 00:16
2026-07-15
Show GitHub Exploit DB Packet Storm