Software Detail
Title: Symfony
Number Of NVD: 57 (CRITICAL 7, HIGH 21, MEDIUM 29, LOW 0)
URL: https://symfony.com/
Explanation: Symfony is a framework that provides the necessary components to develop web applications quickly and easily in PHP.
It is based on Model View Controller (MVC).
It has been in development since December 2004 and has a large user base.
It is a framework suitable for large scale development with PHP.

Normal releases receive bug fixes for 8 months and security fixes for 14 months.
Long-term support includes bug fixes for 3 years and security fixes for 4 years.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://symfony.com/download
2 https://symfony.com/releases

List Of Product
No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
11 Symfony 7.1 7.1.11 Jan. 29, 2025 May 31, 2024 Jan. 31, 2025 0 0 0 0
12 Symfony 7.0 7.0.10 July 26, 2024 Nov. 29, 2023 July 31, 2024 0 0 0 0
13 Symfony 6.4(LTS) 6.4.29 Nov. 12, 2025 Nov. 29, 2023 June 28, 2027 0 0 0 0
14 Symfony 6.3 6.3.12 Jan. 30, 2024 May 30, 2023 Jan. 31, 2024 0 0 3 0
15 Symfony 6.2 6.2.14 July 31, 2023 Nov. 30, 2022 July 30, 2023 0 2 3 0
16 Symfony 6.1 6.1.12 Feb. 1, 2023 May 27, 2022 Jan. 31, 2023 0 2 2 0
17 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 July 31, 2022 0 3 2 0
18 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 Jan. 31, 2023 0 3 2 0
19 Symfony 5.4(LTS) 5.4.50 Nov. 12, 2025 Nov. 29, 2021 Nov. 30, 2024 0 3 1 0
20 Symfony 5.3 5.3.16 March 1, 2022 May 31, 2021 Jan. 31, 2022 0 5 3 0
21 Symfony 5.2 5.2.14 July 29, 2021 Nov. 30, 2020 July 31, 2021 0 3 4 0
22 Symfony 5.1 5.1.11 Jan. 27, 2021 May 31, 2020 Jan. 31, 2021 0 4 3 0
23 Symfony 5.0 5.0.11 July 24, 2020 Nov. 21, 2019 Nov. 30, 2019 July 31, 2020 0 4 5 0
24 Symfony 4.4(LTS) 4.4.51 Nov. 10, 2023 Nov. 21, 2019 Nov. 30, 2022 Nov. 30, 2023 0 5 5 0
25 Symfony 4.3 4.3.11 Jan. 31, 2020 May 30, 2019 Jan. 31, 2020 July 31, 2020 2 5 4 0
26 Symfony 4.2 4.2.12 Nov. 13, 2019 Nov. 30, 2018 July 31, 2019 Jan. 31, 2020 4 7 7 0
27 Symfony 4.1 4.1.12 April 17, 2019 May 30, 2018 Jan. 31, 2019 July 31, 2019 2 6 7 0
28 Symfony 4.0 4.0.15 Dec. 6, 2018 Nov. 30, 2017 July 31, 2018 Jan. 31, 2019 1 6 7 0
29 Symfony 3.4 3.4.49 May 19, 2021 Nov. 30, 2017 Nov. 30, 2020 Nov. 30, 2020 4 11 9 0
30 Symfony 3.3 3.3.9 2 7 12 0
31 Symfony 3.2 3.2.9 1 4 7 0
32 Symfony 3.1 3.1.9 0 3 5 0
33 Symfony 3.0 3.0.9 1 4 5 0
34 Symfony 2.8 2.8.9 5 11 10 0
35 Symfony 2.7 2.7.9 3 11 10 0
36 Symfony 2.6 2.6.9 0 5 5 0
37 Symfony 2.5 2.5.9 0 3 4 0
38 Symfony 2.4 2.4.9 0 3 4 0
39 Symfony 2.3 2.3.9 0 7 7 0
40 Symfony 2.2 2.2.9 0 7 6 0
41 Symfony 2.1 2.1.9 0 7 6 0
42 Symfony 2.0 2.0.9 0 8 7 0
43 Symfony 1.4 1.4.9 0 3 3 0
NVD Vulnerability Information
No, CVSS3 / CVSS2 / Level / Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date / Published date
No: 11
CVSS3: 5.3
CVSS2: 5.0
Level: MEDIUM
Attack Vector: Network
Title: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling de…
CWE: -
CVE: CVE-2021-21424
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 4.0.0, 2.8.0, 5.0.0
less than: 4.4.23, 3.4.48, 5.2.8
Update date: 2024-11-21 14:48
Published date: 2021-05-14
No: 12
CVSS3: 8.8
CVSS2: 7.5
Level: HIGH
Attack Vector: Network
Title: In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X…
CWE: -
CVE: CVE-2020-15094
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 4.4.0, 5.1.0
less than: 4.4.13, 5.1.5
Update date: 2024-11-21 14:04
Published date: 2020-09-3
No: 13
CVSS3: 5.4
CVSS2: 5.5
Level: MEDIUM
Attack Vector: Network
Title: In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered its stacktrace. In addition, the stacktrace was displayed even …
CWE: CWE-209 Information Exposure Through an Error Message
CVE: CVE-2020-5274
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 4.4.0, 5.0.0
less than: 4.4.4, 5.0.4
Update date: 2024-11-21 14:33
Published date: 2020-03-31
No: 14
CVSS3: 4.3
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fall back to the format defined in the `Accept` header of the r…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2020-5255
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 5.0.0, 4.4.0
less than: 5.0.7, 4.4.7
Update date: 2024-11-21 14:33
Published date: 2020-03-31
No: 15
CVSS3: 8.1
CVSS2: 5.5
Level: HIGH
Attack Vector: Network
Title: In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks an access control rule, it iterates over each rule's attributes and stops as soon as the accessDecisionManager decides …
CWE: CWE-863 Incorrect Authorization
CVE: CVE-2020-5275
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 5.0.0, 4.4.0
less than: 5.0.7, 4.4.7
Update date: 2024-11-21 14:33
Published date: 2020-03-31
No: 16
CVSS3: 6.1
CVSS2: 4.3
Level: MEDIUM
Attack Vector: Network
Title: Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the …
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2013-4752
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 2.3.0, 2.2.0, 2.1.0, 2.0.0
less than: 2.3.3, 2.2.5, 2.1.12, 2.0.24
Update date: 2024-11-21 10:56
Published date: 2020-01-3
No: 17
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is rel…
CWE: CWE-94 Code Injection
CVE: CVE-2019-18889
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 3.4.0, 4.2.0, 4.3.0
or less: 3.4.34, 4.2.11, 4.3.7
Update date: 2024-11-21 13:33
Published date: 2019-11-22
No: 18
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIM…
CWE: CWE-88 Argument Injection
CVE: CVE-2019-18888
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 3.4.0, 4.2.0, 4.3.0, 2.8.0
or less: 3.4.34, 4.2.11, 4.3.7, 2.8.50
Update date: 2024-11-21 13:33
Published date: 2019-11-22
No: 19
CVSS3: 8.1
CVSS2: 6.8
Level: HIGH
Attack Vector: Network
Title: An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/h…
CWE: CWE-203 Information Exposure Through Discrepancy
CVE: CVE-2019-18887
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 3.4.0, 4.2.0, 4.3.0, 2.8.0
or less: 3.4.34, 4.2.11, 4.3.7, 2.8.50
Update date: 2024-11-21 13:33
Published date: 2019-11-22
No: 20
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrar…
CWE: CWE-116 Improper Encoding or Escaping of Output
CVE: CVE-2019-11325
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
or higher: 4.3.0, 4.2.0
less than: 4.3.8, 4.2.12
Update date: 2024-11-21 13:20
Published date: 2019-11-22