Software Detail
Symfony
Number Of NVD: 57 (CRITICAL 7, HIGH 21, MEDIUM 29, LOW 0)
URL: https://symfony.com/
Explanation: Symfony is a framework that provides the necessary components to develop web applications quickly and easily in PHP.
It is based on Model View Controller (MVC).
It has been in development since December 2004 and has a large user base.
It is a framework suitable for large scale development with PHP.

Normal releases receive bug fixes for 8 months and security fixes for 14 months.
Long-term support releases receive bug fixes for 3 years and security fixes for 4 years.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://symfony.com/download
2 https://symfony.com/releases

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
31 Symfony 7.1 7.1.11 Jan. 29, 2025 May 31, 2024 Jan. 31, 2025 0 0 0 0
32 Symfony 7.0 7.0.10 July 26, 2024 Nov. 29, 2023 July 31, 2024 0 0 0 0
33 Symfony 6.4(LTS) 6.4.29 Nov. 12, 2025 Nov. 29, 2023 June 28, 2027 0 0 0 0
34 Symfony 6.3 6.3.12 Jan. 30, 2024 May 30, 2023 Jan. 31, 2024 0 0 3 0
35 Symfony 6.2 6.2.14 July 31, 2023 Nov. 30, 2022 July 30, 2023 0 2 3 0
36 Symfony 6.1 6.1.12 Feb. 1, 2023 May 27, 2022 Jan. 31, 2023 0 2 2 0
37 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 July 31, 2022 0 3 2 0
38 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 Jan. 31, 2023 0 3 2 0
39 Symfony 5.4(LTS) 5.4.50 Nov. 12, 2025 Nov. 29, 2021 Nov. 30, 2024 0 3 1 0
40 Symfony 5.3 5.3.16 March 1, 2022 May 31, 2021 Jan. 31, 2022 0 5 3 0
41 Symfony 5.2 5.2.14 July 29, 2021 Nov. 30, 2020 July 31, 2021 0 3 4 0
42 Symfony 5.1 5.1.11 Jan. 27, 2021 May 31, 2020 Jan. 31, 2021 0 4 3 0
43 Symfony 5.0 5.0.11 July 24, 2020 Nov. 21, 2019 Nov. 30, 2019 July 31, 2020 0 4 5 0
44 Symfony 4.4(LTS) 4.4.51 Nov. 10, 2023 Nov. 21, 2019 Nov. 30, 2022 Nov. 30, 2023 0 5 5 0
45 Symfony 4.3 4.3.11 Jan. 31, 2020 May 30, 2019 Jan. 31, 2020 July 31, 2020 2 5 4 0
46 Symfony 4.2 4.2.12 Nov. 13, 2019 Nov. 30, 2018 July 31, 2019 Jan. 31, 2020 4 7 7 0
47 Symfony 4.1 4.1.12 April 17, 2019 May 30, 2018 Jan. 31, 2019 July 31, 2019 2 6 7 0
48 Symfony 4.0 4.0.15 Dec. 6, 2018 Nov. 30, 2017 July 31, 2018 Jan. 31, 2019 1 6 7 0
49 Symfony 3.4 3.4.49 May 19, 2021 Nov. 30, 2017 Nov. 30, 2020 Nov. 30, 2020 4 11 9 0
50 Symfony 3.3 3.3.9 2 7 12 0
51 Symfony 3.2 3.2.9 1 4 7 0
52 Symfony 3.1 3.1.9 0 3 5 0
53 Symfony 3.0 3.0.9 1 4 5 0
54 Symfony 2.8 2.8.9 5 11 10 0
55 Symfony 2.7 2.7.9 3 11 10 0
56 Symfony 2.6 2.6.9 0 5 5 0
57 Symfony 2.5 2.5.9 0 3 4 0
58 Symfony 2.4 2.4.9 0 3 4 0
59 Symfony 2.3 2.3.9 0 7 7 0
60 Symfony 2.2 2.2.9 0 7 6 0
61 Symfony 2.1 2.1.9 0 7 6 0
62 Symfony 2.0 2.0.9 0 8 7 0
63 Symfony 1.4 1.4.9 0 3 3 0
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date
No. 31: CVE-2017-16653
CVSS3: 5.9, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different token…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  2.7.0 or higher, 2.7.37 or less
  3.2.0 or higher, 3.2.13 or less
  3.3.0 or higher, 3.3.12 or less
  3.8.0 or higher, 3.8.30 or less
Update date: 2024-11-21 12:16
Published date: 2018-08-7

No. 32: CVE-2017-16790
CVSS3: 6.5, CVSS2: 4.0, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST …
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  2.7.0 or higher, 2.7.37 or less
  2.8.0 or higher, 2.8.30 or less
  3.2.0 or higher, 3.2.13 or less
  3.3.0 or higher, 3.3.12 or less
Update date: 2024-11-21 12:16
Published date: 2018-08-7

No. 33: CVE-2017-16654
CVSS3: 7.5, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the …
CWE: CWE-22 Path Traversal
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  2.7.0 or higher, 2.7.37 or less
  3.2.0 or higher, 3.2.13 or less
  3.3.0 or higher, 3.3.12 or less
  3.8.0 or higher, 3.8.30 or less
Update date: 2024-11-21 12:16
Published date: 2018-08-7

No. 34: CVE-2018-14774
CVSS3: 7.2, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  2.8.0 or higher, 2.8.43 or less
  3.3.0 or higher, 3.3.17 or less
  3.4.0 or higher, 3.4.13 or less
  4.0.0 or higher, 4.0.13 or less
  4.1.0 or higher, 4.1.2 or less
  2.7.0 or higher, 2.7.48 or less
Update date: 2024-11-21 12:49
Published date: 2018-08-4

No. 35: CVE-2018-14773
CVSS3: 6.5, CVSS2: 4.0, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … 
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  more than 2.7.0, 2.7.48 or less
  2.8.0 or higher, 2.8.43 or less
  3.3.0 or higher, 3.3.17 or less
  3.4.0 or higher, 3.4.13 or less
  4.0.0 or higher, 4.0.13 or less
  4.1.0 or higher, 4.1.2 or less
Update date: 2024-11-21 12:49
Published date: 2018-08-4

No. 36: CVE-2017-18343
CVSS3: 6.1, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as de…
CWE: CWE-79 Cross-site Scripting
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  less than 2.7.33
  2.8.0 or higher, less than 2.8.26
  3.0.0 or higher, less than 3.2.13
  3.3.0 or higher, less than 3.3.6
Update date: 2024-11-21 12:19
Published date: 2018-07-20

No. 37: CVE-2018-12040
CVSS3: 6.1, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _pro…
CWE: CWE-79 Cross-site Scripting
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:3.3.6:*
Update date: 2024-11-21 12:44
Published date: 2018-06-14

No. 38: CVE-2018-11408
CVSS3: 6.1, CVSS2: 5.8, Level: MEDIUM, Attack Vector: Network
Title: The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera…
CWE: CWE-601 Open Redirect
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  2.7.0 or higher, less than 2.7.48
  2.8.0 or higher, less than 2.8.41
  3.3.0 or higher, less than 3.3.17
  3.4.0 or higher, less than 3.4.11
  4.0.0 or higher, less than 4.0.11
Update date: 2024-11-21 12:43
Published date: 2018-06-14

No. 39: CVE-2018-11407
CVSS3: 9.8, CVSS2: 7.5, Level: CRITICAL, Attack Vector: Network
Title: An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l…
CWE: CWE-287 Improper Authentication
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  3.3.0 or higher, less than 3.3.17
  2.8.0 or higher, less than 2.8.37
  3.4.0 or higher, less than 3.4.7
  4.0.0 or higher, less than 4.0.7
Update date: 2024-11-21 12:43
Published date: 2018-06-14

No. 40: CVE-2018-11406
CVSS3: 8.8, CVSS2: 6.8, Level: HIGH, Attack Vector: Network
Title: An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session …
CWE: CWE-352 Origin Validation Error
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
  2.7.0 or higher, less than 2.7.48
  2.8.0 or higher, less than 2.8.41
  3.3.0 or higher, less than 3.3.17
  3.4.0 or higher, less than 3.4.11
  4.0.0 or higher, less than 4.0.11
Update date: 2024-11-21 12:43
Published date: 2018-06-14