Software Detail
Symfony
Number of NVD: 57 (CRITICAL 7, HIGH 21, MEDIUM 29, LOW 0)
URL: https://symfony.com/
Explanation: Symfony is a framework that provides the components needed to develop web applications quickly and easily in PHP.
It is based on the Model View Controller (MVC) pattern.
It has been in development since December 2004 and has a large user base.
It is suitable for large-scale development with PHP.

Normal releases receive bug fixes for 8 months and security fixes for 14 months.
Long-term support releases receive bug fixes for 3 years and security fixes for 4 years.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://symfony.com/download
2 https://symfony.com/releases

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support / Service Pack Support Extended (for a fee) Critical High Medium Low
41 Symfony 7.1 7.1.11 Jan. 29, 2025 May 31, 2024 Jan. 31, 2025 0 0 0 0
42 Symfony 7.0 7.0.10 July 26, 2024 Nov. 29, 2023 July 31, 2024 0 0 0 0
43 Symfony 6.4(LTS) 6.4.29 Nov. 12, 2025 Nov. 29, 2023 June 28, 2027 0 0 0 0
44 Symfony 6.3 6.3.12 Jan. 30, 2024 May 30, 2023 Jan. 31, 2024 0 0 3 0
45 Symfony 6.2 6.2.14 July 31, 2023 Nov. 30, 2022 July 30, 2023 0 2 3 0
46 Symfony 6.1 6.1.12 Feb. 1, 2023 May 27, 2022 Jan. 31, 2023 0 2 2 0
47 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 July 31, 2022 0 3 2 0
48 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 Jan. 31, 2023 0 3 2 0
49 Symfony 5.4(LTS) 5.4.50 Nov. 12, 2025 Nov. 29, 2021 Nov. 30, 2024 0 3 1 0
50 Symfony 5.3 5.3.16 March 1, 2022 May 31, 2021 Jan. 31, 2022 0 5 3 0
51 Symfony 5.2 5.2.14 July 29, 2021 Nov. 30, 2020 July 31, 2021 0 3 4 0
52 Symfony 5.1 5.1.11 Jan. 27, 2021 May 31, 2020 Jan. 31, 2021 0 4 3 0
53 Symfony 5.0 5.0.11 July 24, 2020 Nov. 21, 2019 Nov. 30, 2019 July 31, 2020 0 4 5 0
54 Symfony 4.4(LTS) 4.4.51 Nov. 10, 2023 Nov. 21, 2019 Nov. 30, 2022 Nov. 30, 2023 0 5 5 0
55 Symfony 4.3 4.3.11 Jan. 31, 2020 May 30, 2019 Jan. 31, 2020 July 31, 2020 2 5 4 0
56 Symfony 4.2 4.2.12 Nov. 13, 2019 Nov. 30, 2018 July 31, 2019 Jan. 31, 2020 4 7 7 0
57 Symfony 4.1 4.1.12 April 17, 2019 May 30, 2018 Jan. 31, 2019 July 31, 2019 2 6 7 0
58 Symfony 4.0 4.0.15 Dec. 6, 2018 Nov. 30, 2017 July 31, 2018 Jan. 31, 2019 1 6 7 0
59 Symfony 3.4 3.4.49 May 19, 2021 Nov. 30, 2017 Nov. 30, 2020 Nov. 30, 2020 4 11 9 0
60 Symfony 3.3 3.3.9 2 7 12 0
61 Symfony 3.2 3.2.9 1 4 7 0
62 Symfony 3.1 3.1.9 0 3 5 0
63 Symfony 3.0 3.0.9 1 4 5 0
64 Symfony 2.8 2.8.9 5 11 10 0
65 Symfony 2.7 2.7.9 3 11 10 0
66 Symfony 2.6 2.6.9 0 5 5 0
67 Symfony 2.5 2.5.9 0 3 4 0
68 Symfony 2.4 2.4.9 0 3 4 0
69 Symfony 2.3 2.3.9 0 7 7 0
70 Symfony 2.2 2.2.9 0 7 6 0
71 Symfony 2.1 2.1.9 0 7 6 0
72 Symfony 2.0 2.0.9 0 8 7 0
73 Symfony 1.4 1.4.9 0 3 3 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
41 CVE-2018-11386
CVSS3: 5.9 | CVSS2: 4.3 | Level: MEDIUM | Attack Vector: Network
Title: An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c…
CWE: CWE-613 Insufficient Session Expiration
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Version bounds: 2.7.0, 2.8.0, 3.3.0, 3.4.0, 4.0.0; 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11
Update date: 2024-11-21 12:43
Published date: 2018-06-14

42 CVE-2018-11385
CVSS3: 8.1 | CVSS2: 6.8 | Level: HIGH | Attack Vector: Network
Title: An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil…
CWE: CWE-384 Session Fixation
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Version bounds: 2.7.0, 2.8.0, 3.3.0, 3.4.0, 4.0.0; 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11
Update date: 2024-11-21 12:43
Published date: 2018-06-14

43 CVE-2017-16652
CVSS3: 6.1 | CVSS2: 5.8 | Level: MEDIUM | Attack Vector: Network
Title: An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler t…
CWE: CWE-601 Open Redirect
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:*:*
Version bounds: 3.3.0; 2.7.0, 2.8.0, 3.2.0, 2.7.38, 2.8.31, 3.2.14, 3.3.13
Update date: 2024-11-21 12:16
Published date: 2018-06-14

44 CVE-2016-2403
CVSS3: 9.8 | CVSS2: 7.5 | Level: CRITICAL | Attack Vector: Network
Title: Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
CWE: CWE-287 Improper Authentication
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:3.0.5:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:3.0.4:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:3.0.3:*
Update date: 2024-11-21 11:48
Published date: 2017-02-8

45 CVE-2016-4423
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x befo…
CWE: CWE-399 Resource Management Errors
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:3.0.5:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:3.0.4:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:3.0.3:*
Version bounds: 2.3.40
Update date: 2024-11-21 11:52
Published date: 2016-06-2

46 CVE-2016-1902
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the par…
CWE: CWE-310 Cryptographic Issues
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.8:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.7:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.6:*
Version bounds: 2.3.36
Update date: 2024-11-21 11:47
Published date: 2016-06-2

47 CVE-2015-8125
CVSS3: - | CVSS2: 7.5 | Level: HIGH
Title: Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.6:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.5:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.4:*
Update date: 2024-11-21 11:38
Published date: 2015-12-8

48 CVE-2015-8124
CVSS3: - | CVSS2: 6.8 | Level: MEDIUM
Title: Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.6:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.5:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.7.4:*
Update date: 2024-11-21 11:38
Published date: 2015-12-8

49 CVE-2015-2308
CVSS3: - | CVSS2: 6.8 | Level: MEDIUM
Title: Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP …
CWE: CWE-94 Code Injection
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.6.5:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.6.4:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.6.3:*
Update date: 2024-11-21 11:27
Published date: 2015-06-24

50 CVE-2015-4050
CVSS3: - | CVSS2: 4.3 | Level: MEDIUM
Title: FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if …
CWE: CWE-284 Improper Access Control
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.6.7:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.6.6:*
cpe23Uri: cpe:2.3:a:sensiolabs:symfony:2.6.5:*
Update date: 2024-11-21 11:30
Published date: 2015-06-2