Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/serializer@2.0.4
Typecomposer
Namespacesymfony
Nameserializer
Version2.0.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.0-BETA1
Latest_non_vulnerable_version6.3.8
Affected_by_vulnerabilities
0
url VCID-bdhj-np35-sybt
vulnerability_id VCID-bdhj-np35-sybt
summary 
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
reference_id
reference_type
scores
0
value 0.02089
scoring_system epss
scoring_elements 0.83967
published_at 2026-04-02T12:55:00Z
1
value 0.02089
scoring_system epss
scoring_elements 0.84032
published_at 2026-04-11T12:55:00Z
2
value 0.02089
scoring_system epss
scoring_elements 0.84016
published_at 2026-04-09T12:55:00Z
3
value 0.02089
scoring_system epss
scoring_elements 0.8401
published_at 2026-04-08T12:55:00Z
4
value 0.02089
scoring_system epss
scoring_elements 0.83986
published_at 2026-04-07T12:55:00Z
5
value 0.02089
scoring_system epss
scoring_elements 0.83982
published_at 2026-04-04T12:55:00Z
6
value 0.02089
scoring_system epss
scoring_elements 0.84047
published_at 2026-04-18T12:55:00Z
7
value 0.02089
scoring_system epss
scoring_elements 0.84045
published_at 2026-04-16T12:55:00Z
8
value 0.02089
scoring_system epss
scoring_elements 0.84021
published_at 2026-04-13T12:55:00Z
9
value 0.02089
scoring_system epss
scoring_elements 0.84025
published_at 2026-04-12T12:55:00Z
10
value 0.02419
scoring_system epss
scoring_elements 0.85143
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
4
reference_url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
5
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id 1055774
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
8
reference_url https://symfony.com/cve-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46734
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
reference_id CVE-2023-46734.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
10
reference_url https://github.com/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q847-2q57-wmr3
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/serializer@5.0.0-BETA1
purl pkg:composer/symfony/serializer@5.0.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@5.0.0-BETA1
1
url pkg:composer/symfony/serializer@5.4.31
purl pkg:composer/symfony/serializer@5.4.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@5.4.31
2
url pkg:composer/symfony/serializer@6.3.8
purl pkg:composer/symfony/serializer@6.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@6.3.8
aliases CVE-2023-46734, GHSA-q847-2q57-wmr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bdhj-np35-sybt
1
url VCID-fgxs-w84s-8kh3
vulnerability_id VCID-fgxs-w84s-8kh3
summary 
Improper Restriction of XML External Entity Reference
XML decoding attack vector through external entities.
references
0
reference_url https://symfony.com/blog/security-release-symfony-2-0-11-released
reference_id
reference_type
scores
url https://symfony.com/blog/security-release-symfony-2-0-11-released
fixed_packages
0
url pkg:composer/symfony/serializer@2.0.12
purl pkg:composer/symfony/serializer@2.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bdhj-np35-sybt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@2.0.12
aliases 2012-02-24
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fgxs-w84s-8kh3
2
url VCID-zyg1-nf3h-b3aj
vulnerability_id VCID-zyg1-nf3h-b3aj
summary 
Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/2012-02-24.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/2012-02-24.yaml
1
reference_url https://github.com/symfony/serializer
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/serializer
2
reference_url https://github.com/symfony/serializer/commit/0943a06a663b573d7319fc1acd56d3484eaaa430
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/serializer/commit/0943a06a663b573d7319fc1acd56d3484eaaa430
3
reference_url https://symfony.com/blog/security-release-symfony-2-0-11-released
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/security-release-symfony-2-0-11-released
4
reference_url https://github.com/advisories/GHSA-j68w-pg49-f6vx
reference_id GHSA-j68w-pg49-f6vx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j68w-pg49-f6vx
fixed_packages
0
url pkg:composer/symfony/serializer@2.0.11
purl pkg:composer/symfony/serializer@2.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@2.0.11
1
url pkg:composer/symfony/serializer@2.0.12
purl pkg:composer/symfony/serializer@2.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bdhj-np35-sybt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@2.0.12
aliases GHSA-j68w-pg49-f6vx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zyg1-nf3h-b3aj
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@2.0.4