Software Detail
Symfony
Number Of NVD 57: CRITICAL 7, HIGH 21, MEDIUM 29, LOW 0
URL https://symfony.com/
Explanation Symfony is a framework that provides the necessary components to develop web applications quickly and easily in PHP.
It is based on Model View Controller (MVC).
It has been in development since December 2004 and has a large user base.
It is a framework suitable for large scale development with PHP.

A normal release receives bug fixes for 8 months and security fixes for 14 months.
Long-term support includes bug fixes for 3 years and security fixes for 4 years.
Tag
  • PHP
  • MIT License

Add Information URL
No Type Name URL
1 https://symfony.com/download
2 https://symfony.com/releases

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
1 Symfony 6.3 6.3.4 Aug. 26, 2023 May 30, 2023 Jan. 31, 2024 0 0 3 0
2 Symfony 6.2 6.2.14 July 31, 2023 Nov. 30, 2022 July 30, 2023 0 0 0 0
3 Symfony 6.1 6.1.12 Feb. 1, 2023 May 27, 2022 Jan. 31, 2023 0 2 2 0
4 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 July 31, 2022 0 3 2 0
5 Symfony 5.4(LTS) 5.4.39 April 29, 2024 Nov. 29, 2021 Nov. 30, 2024 0 3 2 0
6 Symfony 5.3 5.3.16 March 1, 2022 May 31, 2021 Jan. 31, 2022 0 5 3 0
7 Symfony 5.2 5.2.14 July 29, 2021 Nov. 30, 2020 July 31, 2021 0 3 4 0
8 Symfony 5.1 5.1.11 Jan. 27, 2021 May 31, 2020 Jan. 31, 2021 0 4 3 0
9 Symfony 5.0 5.0.11 July 24, 2020 Nov. 21, 2019 Nov. 30, 2019 July 31, 2020 0 4 5 0
10 Symfony 4.4(LTS) 4.4.51 Nov. 10, 2023 Nov. 21, 2019 Nov. 30, 2022 Nov. 30, 2023 0 5 5 0
11 Symfony 4.3 4.3.11 Jan. 31, 2020 May 30, 2019 Jan. 31, 2020 July 31, 2020 2 5 4 0
12 Symfony 4.2 4.2.12 Nov. 13, 2019 Nov. 30, 2018 July 31, 2019 Jan. 31, 2020 4 7 7 0
13 Symfony 4.1 4.1.12 April 17, 2019 May 30, 2018 Jan. 31, 2019 July 31, 2019 2 6 7 0
14 Symfony 4.0 4.0.15 Dec. 6, 2018 Nov. 30, 2017 July 31, 2018 Jan. 31, 2019 1 6 7 0
15 Symfony 3.4 3.4.49 May 19, 2021 Nov. 30, 2017 Nov. 30, 2020 Nov. 30, 2020 4 11 9 0
16 Symfony 4.0 4.0.9 1 6 7 0
17 Symfony 3.3 3.3.9 2 7 12 0
18 Symfony 3.2 3.2.9 1 4 7 0
19 Symfony 3.1 3.1.9 0 3 5 0
20 Symfony 3.0 3.0.9 1 4 5 0
21 Symfony 2.8 2.8.9 5 11 10 0
22 Symfony 2.7 2.7.9 3 11 10 0
23 Symfony 2.6 2.6.9 0 5 5 0
24 Symfony 2.5 2.5.9 0 3 4 0
25 Symfony 2.4 2.4.9 0 3 4 0
26 Symfony 2.3 2.3.9 0 7 7 0
27 Symfony 2.2 2.2.9 0 7 6 0
28 Symfony 2.1 2.1.9 0 7 6 0
29 Symfony 2.0 2.0.9 0 8 7 0
30 Symfony 1.4 1.4.9 0 3 3 0
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, version bounds (or higher, or less, more than, less than), Update date, Published date
No: 1
CVSS3: 6.1, CVSS2: -, Level: MEDIUM, Attack Vector: Network
Title: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` return…
CWE: -
CVE: CVE-2023-46735
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 6.0.0; less than 6.3.8
Update date: 2023-11-17 08:29
Published date: 2023-11-11
No: 2
CVSS3: 6.5, CVSS2: -, Level: MEDIUM, Attack Vector: Network
Title: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListene…
CWE: -
CVE: CVE-2023-46733
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 5.4.21, 6.2.7; less than 5.4.31, 6.3.8
Update date: 2023-11-17 08:57
Published date: 2023-11-11
No: 3
CVSS3: 6.1, CVSS2: -, Level: MEDIUM, Attack Vector: Network
Title: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Tw…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2023-46734
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 6.0.0, 5.0.0, 2.0.0; less than 6.3.8, 5.4.31, 4.4.51
Update date: 2023-11-25 05:15
Published date: 2023-11-11
No: 4
CVSS3: 8.8, CVSS2: -, Level: HIGH, Attack Vector: Network
Title: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the…
CWE: CWE-384 Session Fixation
CVE: CVE-2022-24895
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 6.2.0, 6.1.0, 6.0.0, 2.0.0, 5.0.0; less than 6.2.6, 6.1.12, 6.0.20, 4.4.50, 5.4.20
Update date: 2023-07-12 10:15
Published date: 2023-02-4
No: 5
CVSS3: 8.8, CVSS2: -, Level: HIGH, Attack Vector: Network
Title: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers…
CWE: CWE-285 Improper Authorization
CVE: CVE-2022-24894
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 6.2.0, 6.1.0, 6.0.0, 2.0.0, 5.0.0; less than 6.2.6, 6.1.12, 6.0.20, 4.4.50, 5.4.2
Update date: 2023-07-12 10:15
Published date: 2023-02-4
No: 6
CVSS3: 8.8, CVSS2: 6.8, Level: HIGH, Attack Vector: Network
Title: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in t…
CWE: CWE-352 Origin Validation Error
CVE: CVE-2022-23601
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher -, 5.4.0, 6.0.0; less than 5.3.15, 5.4.4, 6.0.4
Update date: 2022-02-5 11:18
Published date: 2022-02-1
No: 7
CVSS3: 8.8, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version…
CWE: CWE-384 Session Fixation
CVE: CVE-2021-41268
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 5.3.0; less than 5.3.12
Update date: 2021-12-1 05:04
Published date: 2021-11-25
No: 8
CVSS3: 6.5, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers"…
CWE: CWE-444 HTTP Request Smuggling
CVE: CVE-2021-41267
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 5.2.0; less than 5.3.12
Update date: 2021-12-1 03:52
Published date: 2021-11-25
No: 9
CVSS3: 6.5, CVSS2: 4.0, Level: MEDIUM, Attack Vector: Network
Title: Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 bef…
CWE: CWE-1236 Improper Neutralization of Formula Elements in a CSV File
CVE: CVE-2021-41270
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 5.0.0, 4.1.0; less than 5.3.12, 4.4.35
Update date: 2023-11-7 12:38
Published date: 2021-11-25
No: 10
CVSS3: 8.8, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prio…
CWE: CWE-287 Improper Authentication
CVE: CVE-2021-32693
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Versions: or higher 5.3.0; less than 5.3.2
Update date: 2021-06-25 04:00
Published date: 2021-06-18