Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Symfony Number Of NVD 85 CRITICAL 10 HIGH 33 MEDIUM 42 LOW 0
URL https://symfony.com/
Explanation Symfony is a framework that provides the necessary components to develop web applications quickly and easily in PHP.
It is based on Model View Controller (MVC).
It has been in development since December 2004 and has a large user base.
It is a framework suitable for large scale development with PHP.

Normal release is 8 months for bug fixes and 14 months for security fixes.
Long-term support includes bug fixes for 3 years and security fixes for 4 years.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://symfony.com/download
2 https://symfony.com/releases

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
81 Symfony 8.1 8.1.1 June 27, 2026 May 29, 2026 Dec. 31, 2026 0 0 0 0
82 Symfony 7.1 7.1.11 Jan. 29, 2025 May 31, 2024 Jan. 31, 2025 1 10 10 0
83 Symfony 7.0 7.0.10 July 26, 2024 Nov. 29, 2023 July 31, 2024 1 9 10 0
84 Symfony 6.4(LTS) 6.4.29 Nov. 12, 2025 Nov. 29, 2023 June 28, 2027 2 9 10 0
85 Symfony 6.3 6.3.12 Jan. 30, 2024 May 30, 2023 Jan. 31, 2024 2 8 11 0
86 Symfony 6.2 6.2.14 July 31, 2023 Nov. 30, 2022 July 30, 2023 1 10 11 0
87 Symfony 6.1 6.1.12 Feb. 1, 2023 May 27, 2022 Jan. 31, 2023 1 10 10 0
88 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 July 31, 2022 1 11 5 0
89 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 Jan. 31, 2023 1 11 5 0
90 Symfony 5.4(LTS) 5.4.50 Nov. 12, 2025 Nov. 29, 2021 Nov. 30, 2024 1 12 4 0
91 Symfony 5.3 5.3.16 March 1, 2022 May 31, 2021 Jan. 31, 2022 1 13 6 0
92 Symfony 5.2 5.2.14 July 29, 2021 Nov. 30, 2020 July 31, 2021 1 11 7 0
93 Symfony 5.1 5.1.11 Jan. 27, 2021 May 31, 2020 Jan. 31, 2021 1 12 6 0
94 Symfony 5.0 5.0.11 July 24, 2020 Nov. 21, 2019 Nov. 30, 2019 July 31, 2020 1 12 8 0
95 Symfony 4.4(LTS) 4.4.51 Nov. 10, 2023 Nov. 21, 2019 Nov. 30, 2022 Nov. 30, 2023 1 13 8 0
96 Symfony 4.3 4.3.11 Jan. 31, 2020 May 30, 2019 Jan. 31, 2020 July 31, 2020 3 13 7 0
97 Symfony 4.2 4.2.12 Nov. 13, 2019 Nov. 30, 2018 July 31, 2019 Jan. 31, 2020 5 15 10 0
98 Symfony 4.1 4.1.12 April 17, 2019 May 30, 2018 Jan. 31, 2019 July 31, 2019 3 14 10 0
99 Symfony 4.0 4.0.15 Dec. 6, 2018 Nov. 30, 2017 July 31, 2018 Jan. 31, 2019 2 14 10 0
100 Symfony 3.4 3.4.49 May 19, 2021 Nov. 30, 2017 Nov. 30, 2020 Nov. 30, 2020 5 19 12 0
101 Symfony 8.0 8.2 3 12 13 0
102 Symfony 7.0 7.4 1 9 10 0
103 Symfony 3.3 3.3.9 3 15 15 0
104 Symfony 3.2 3.2.9 2 12 10 0
105 Symfony 3.1 3.1.9 1 11 8 0
106 Symfony 3.0 3.0.9 2 12 8 0
107 Symfony 2.8 2.8.9 6 19 13 0
108 Symfony 2.7 2.7.9 4 19 13 0
109 Symfony 2.6 2.6.9 1 13 8 0
110 Symfony 2.5 2.5.9 1 11 7 0
111 Symfony 2.4 2.4.9 1 11 7 0
112 Symfony 2.3 2.3.9 1 15 10 0
113 Symfony 2.2 2.2.9 1 15 9 0
114 Symfony 2.1 2.1.9 1 15 9 0
115 Symfony 2.0 2.0.9 1 16 10 0
116 Symfony 1.4 1.4.9 1 11 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
81 -
7.5
HIGH The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. CWE-94
Code Injection
CVE-2013-1348 cpe:2.3:a:sensiolabs:symfony:2.0.9:*
cpe:2.3:a:sensiolabs:symfony:2.0.8:*
cpe:2.3:a:sensiolabs:symfony:2.0.7:*
2024-11-21 10:49
2014-06-3
Show GitHub Exploit DB Packet Storm
82 -
6.8
MEDIUM Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI begin… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6432 cpe:2.3:a:sensiolabs:symfony:2.2:dev
cpe:2.3:a:sensiolabs:symfony:2.1.3:*
cpe:2.3:a:sensiolabs:symfony:2.1.2:*
2024-11-21 10:46
2012-12-27
Show GitHub Exploit DB Packet Storm
83 -
6.4
MEDIUM Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly e… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6431 cpe:2.3:a:sensiolabs:symfony:2.0.9:*
cpe:2.3:a:sensiolabs:symfony:2.0.8:*
cpe:2.3:a:sensiolabs:symfony:2.0.7:*
2024-11-21 10:46
2012-12-27
Show GitHub Exploit DB Packet Storm
84 -
5.0
MEDIUM lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-5574 cpe:2.3:a:sensiolabs:symfony:1.4.9:*
cpe:2.3:a:sensiolabs:symfony:1.4.8:*
cpe:2.3:a:sensiolabs:symfony:1.4.7:*
1.4.19 2024-11-21 10:44
2012-12-18
Show GitHub Exploit DB Packet Storm
85 -
4.3
MEDIUM Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate metho… NVD-CWE-Other
CVE-2012-2667 cpe:2.3:a:sensiolabs:symfony:1.4.9:*
cpe:2.3:a:sensiolabs:symfony:1.4.8:*
cpe:2.3:a:sensiolabs:symfony:1.4.7:*
1.4.17 2024-11-21 10:39
2012-06-8
Show GitHub Exploit DB Packet Storm