Software Detail
Symfony: Number Of NVD 57 (CRITICAL 7, HIGH 21, MEDIUM 29, LOW 0)
URL https://symfony.com/
Explanation Symfony is a framework that provides the necessary components to develop web applications quickly and easily in PHP.
It is based on Model View Controller (MVC).
It has been in development since December 2004 and has a large user base.
It is a framework suitable for large scale development with PHP.

A normal release receives bug fixes for 8 months and security fixes for 14 months.
Long-term support includes bug fixes for 3 years and security fixes for 4 years.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://symfony.com/download
2 https://symfony.com/releases

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
21 Symfony 7.1 7.1.11 Jan. 29, 2025 May 31, 2024 Jan. 31, 2025 0 0 0 0
22 Symfony 7.0 7.0.10 July 26, 2024 Nov. 29, 2023 July 31, 2024 0 0 0 0
23 Symfony 6.4(LTS) 6.4.29 Nov. 12, 2025 Nov. 29, 2023 June 28, 2027 0 0 0 0
24 Symfony 6.3 6.3.12 Jan. 30, 2024 May 30, 2023 Jan. 31, 2024 0 0 3 0
25 Symfony 6.2 6.2.14 July 31, 2023 Nov. 30, 2022 July 30, 2023 0 2 3 0
26 Symfony 6.1 6.1.12 Feb. 1, 2023 May 27, 2022 Jan. 31, 2023 0 2 2 0
27 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 July 31, 2022 0 3 2 0
28 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 Jan. 31, 2023 0 3 2 0
29 Symfony 5.4(LTS) 5.4.50 Nov. 12, 2025 Nov. 29, 2021 Nov. 30, 2024 0 3 1 0
30 Symfony 5.3 5.3.16 March 1, 2022 May 31, 2021 Jan. 31, 2022 0 5 3 0
31 Symfony 5.2 5.2.14 July 29, 2021 Nov. 30, 2020 July 31, 2021 0 3 4 0
32 Symfony 5.1 5.1.11 Jan. 27, 2021 May 31, 2020 Jan. 31, 2021 0 4 3 0
33 Symfony 5.0 5.0.11 July 24, 2020 Nov. 21, 2019 Nov. 30, 2019 July 31, 2020 0 4 5 0
34 Symfony 4.4(LTS) 4.4.51 Nov. 10, 2023 Nov. 21, 2019 Nov. 30, 2022 Nov. 30, 2023 0 5 5 0
35 Symfony 4.3 4.3.11 Jan. 31, 2020 May 30, 2019 Jan. 31, 2020 July 31, 2020 2 5 4 0
36 Symfony 4.2 4.2.12 Nov. 13, 2019 Nov. 30, 2018 July 31, 2019 Jan. 31, 2020 4 7 7 0
37 Symfony 4.1 4.1.12 April 17, 2019 May 30, 2018 Jan. 31, 2019 July 31, 2019 2 6 7 0
38 Symfony 4.0 4.0.15 Dec. 6, 2018 Nov. 30, 2017 July 31, 2018 Jan. 31, 2019 1 6 7 0
39 Symfony 3.4 3.4.49 May 19, 2021 Nov. 30, 2017 Nov. 30, 2020 Nov. 30, 2020 4 11 9 0
40 Symfony 3.3 3.3.9 2 7 12 0
41 Symfony 3.2 3.2.9 1 4 7 0
42 Symfony 3.1 3.1.9 0 3 5 0
43 Symfony 3.0 3.0.9 1 4 5 0
44 Symfony 2.8 2.8.9 5 11 10 0
45 Symfony 2.7 2.7.9 3 11 10 0
46 Symfony 2.6 2.6.9 0 5 5 0
47 Symfony 2.5 2.5.9 0 3 4 0
48 Symfony 2.4 2.4.9 0 3 4 0
49 Symfony 2.3 2.3.9 0 7 7 0
50 Symfony 2.2 2.2.9 0 7 6 0
51 Symfony 2.1 2.1.9 0 7 6 0
52 Symfony 2.0 2.0.9 0 8 7 0
53 Symfony 1.4 1.4.9 0 3 3 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
No: 21
CVSS3: 5.3, CVSS2: 5.0, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthor…
CWE: CWE-203 Information Exposure Through Discrepancy
CVE: CVE-2019-18886
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  4.2.0 or higher, 4.2.11 or less
  4.3.0 or higher, 4.3.7 or less
Update date: 2024-11-21 13:33
Published date: 2019-11-22
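No: 22
CVSS3: 8.1, CVSS2: 4.9, Level: HIGH, Attack Vector: Network
Title: php-symfony2-Validator has loss of information during serialization
CWE: CWE-20 Improper Input Validation
CVE: CVE-2013-4751
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  2.3.0 or higher, less than 2.3.3
  2.2.0 or higher, less than 2.2.5
  2.1.0 or higher, less than 2.1.12
  2.0.0 or higher, less than 2.0.24
Update date: 2024-11-21 10:56
Published date: 2019-11-1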
No: 23
CVSS3: 9.8, CVSS2: 7.5, Level: CRITICAL, Attack Vector: Network
Title: Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The compo…
CWE: CWE-284 Improper Access Control
CVE: CVE-2017-11365
cpe23Uri:
  cpe:2.3:a:sensiolabs:symfony:3.3.3:*
  cpe:2.3:a:sensiolabs:symfony:3.2.10:*
  cpe:2.3:a:sensiolabs:symfony:2.8.23:*<…
Update date: 2024-11-21 12:07
Published date: 2019-05-24
No: 24
CVSS3: 9.8, CVSS2: 7.5, Level: CRITICAL, Attack Vector: Network
Title: In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted inpu…
CWE: CWE-79 Cross-site Scripting, CWE-89 SQL Injection
CVE: CVE-2019-10913
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  4.2.0 or higher, less than 4.2.7
  4.1.0 or higher, less than 4.1.12
  3.4.0 or higher, less than 3.4.26
  2.8.0 or higher, less than 2.8.50
  2.7.0 or higher, less than 2.7.51
Update date: 2024-11-21 13:20
Published date: 2019-05-17
No: 25
CVSS3: 7.1, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this coul…
CWE: CWE-502 Deserialization of Untrusted Data
CVE: CVE-2019-10912
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  4.2.0 or higher, less than 4.2.7
  4.1.0 or higher, less than 4.1.12
  3.4.0 or higher, less than 3.4.26
  2.8.0 or higher, less than 2.8.50
Update date: 2024-11-21 13:20
Published date: 2019-05-17
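No: 26
CVSS3: 7.5, CVSS2: 6.0, Level: HIGH, Attack Vector: Network
Title: In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with…
CWE: CWE-287 Improper Authentication
CVE: CVE-2019-10911
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  4.2.0 or higher, less than 4.2.7
  4.1.0 or higher, less than 4.1.12
  3.4.0 or higher, less than 3.4.26
  2.8.0 or higher, less than 2.8.50
  2.7.0 or higher, less than 2.7.51
Update date: 2024-11-21 13:20
Published date: 2019-05-17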
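No: 27
CVSS3: 9.8, CVSS2: 7.5, Level: CRITICAL, Attack Vector: Network
Title: In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code exec…
CWE: CWE-89 SQL Injection
CVE: CVE-2019-10910
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  4.2.0 or higher, less than 4.2.7
  4.1.0 or higher, less than 4.1.12
  3.4.0 or higher, less than 3.4.26
  2.8.0 or higher, less than 2.8.50
  2.7.0 or higher, less than 2.7.51
Update date: 2024-11-21 13:20
Published date: 2019-05-17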
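No: 28
CVSS3: 5.4, CVSS2: 3.5, Level: MEDIUM, Attack Vector: Network
Title: In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2019-10909
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  4.2.0 or higher, less than 4.2.7
  4.1.0 or higher, less than 4.1.12
  3.4.0 or higher, less than 3.4.26
  2.8.0 or higher, less than 2.8.50
  2.7.0 or higher, less than 2.7.51
Update date: 2024-11-21 13:20
Published date: 2019-05-17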
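No: 29
CVSS3: 6.1, CVSS2: 5.8, Level: MEDIUM, Attack Vector: Network
Title: An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f…
CWE: CWE-601 Open Redirect
CVE: CVE-2018-19790
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  4.2.0 or higher, less than 4.2.1
  4.1.0 or higher, less than 4.1.9
  4.0.0 or higher, less than 4.0.15
  3.0.0 or higher, less than 3.4.20
  2.8.0 or higher, less than 2.8.49
  2.7.0 or higher, less than 2.7.50
Update date: 2024-11-21 12:58
Published date: 2018-12-19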
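No: 30
CVSS3: 5.3, CVSS2: 5.0, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `strin…
CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
CVE: CVE-2018-19789
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  4.2.0 or higher, less than 4.2.1
  4.1.0 or higher, less than 4.1.9
  4.0.0 or higher, less than 4.0.15
  3.0.0 or higher, less than 3.4.20
  2.8.0 or higher, less than 2.8.49
  2.7.0 or higher, less than 2.7.50
Update date: 2024-11-21 12:58
Published date: 2018-12-19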