| 0 |
| url |
VCID-14u2-1zfk-rfgg |
| vulnerability_id |
VCID-14u2-1zfk-rfgg |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19789 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75618 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75688 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75702 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75696 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19789 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.20 |
| purl |
pkg:composer/symfony/symfony@3.4.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 13 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 14 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 15 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 16 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.0.15 |
| purl |
pkg:composer/symfony/symfony@4.0.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 13 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 14 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 15 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 16 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 17 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 12 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 13 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 18 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 19 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 12 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 13 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 18 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 19 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 20 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19789, GHSA-x3cf-w64x-4cp2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-14u2-1zfk-rfgg |
|
| 1 |
| url |
VCID-277x-pbyn-v7em |
| vulnerability_id |
VCID-277x-pbyn-v7em |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10913 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49527 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.4939 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49533 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49545 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10913 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10913, GHSA-x92h-wmg2-6hp7
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-277x-pbyn-v7em |
|
| 2 |
| url |
VCID-2vph-t5gn-xbfa |
| vulnerability_id |
VCID-2vph-t5gn-xbfa |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46734 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02588 |
| scoring_system |
epss |
| scoring_elements |
0.85962 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.02588 |
| scoring_system |
epss |
| scoring_elements |
0.85911 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.02588 |
| scoring_system |
epss |
| scoring_elements |
0.85959 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.02588 |
| scoring_system |
epss |
| scoring_elements |
0.8597 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46734 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-46734, GHSA-q847-2q57-wmr3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2vph-t5gn-xbfa |
|
| 3 |
| url |
VCID-3x8r-7w2f-jfbd |
| vulnerability_id |
VCID-3x8r-7w2f-jfbd |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to clients. After a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might be stored and returned to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched, and the patch is available for branch 4.4. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24894 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39693 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39877 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39888 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39864 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24894 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24894, GHSA-h7vf-5wrv-9fhv, GMS-2023-209, GMS-2023-212
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8r-7w2f-jfbd |
|
| 4 |
| url |
VCID-3xr5-h38c-9fc2 |
| vulnerability_id |
VCID-3xr5-h38c-9fc2 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10910 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11901 |
| scoring_system |
epss |
| scoring_elements |
0.93926 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.11901 |
| scoring_system |
epss |
| scoring_elements |
0.93906 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.11901 |
| scoring_system |
epss |
| scoring_elements |
0.93933 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.11901 |
| scoring_system |
epss |
| scoring_elements |
0.93931 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10910 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10910, GHSA-pgwj-prpq-jpc2
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3xr5-h38c-9fc2 |
|
| 5 |
| url |
VCID-48cj-cbs6-83d7 |
| vulnerability_id |
VCID-48cj-cbs6-83d7 |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Users could be enumerated without the relevant permissions, because the switch-user functionality was handled differently depending on whether the user existed or not. We now ensure that a 403 is returned both when a user is not allowed to switch to another user and when that user does not exist. The patch for this issue is available for branch 3.4. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-21424 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.57052 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56925 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.57045 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.57059 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-21424 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-21424, GHSA-5pv8-ppvj-4h68
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-48cj-cbs6-83d7 |
|
| 6 |
| url |
VCID-6aj5-vhfg-qkgk |
| vulnerability_id |
VCID-6aj5-vhfg-qkgk |
| summary |
symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-50345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60842 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60846 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60852 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60737 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-50345 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://symfony.com/cve-2024-50345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50345 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://url.spec.whatwg.org |
| reference_id |
url.spec.whatwg.org |
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/ |
|
|
| url |
https://url.spec.whatwg.org |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6aj5-vhfg-qkgk |
|
| 7 |
| url |
VCID-6byh-zvqa-qucx |
| vulnerability_id |
VCID-6byh-zvqa-qucx |
| summary |
Symfony Process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory, it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-51736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.74266 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.74181 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.74268 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.74255 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-51736 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://symfony.com/cve-2024-51736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-51736 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q |
| reference_id |
GHSA-qq5c-677p-737q |
| reference_type |
|
| scores |
| 0 |
| value |
0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |
|
| 1 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 3 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/ |
|
|
| url |
https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-51736, GHSA-qq5c-677p-737q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6byh-zvqa-qucx |
|
| 8 |
|
| 9 |
| url |
VCID-8trz-ymga-uqdb |
| vulnerability_id |
VCID-8trz-ymga-uqdb |
| summary |
symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacter by supplying an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-50343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.48275 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.48276 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.48292 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.48138 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-50343 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-50343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50343 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50343, GHSA-g3rh-rrhp-jhh9
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8trz-ymga-uqdb |
|
| 10 |
| url |
VCID-bhuc-44kp-3fgx |
| vulnerability_id |
VCID-bhuc-44kp-3fgx |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14773 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.95094 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.95079 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.95098 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.95096 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14773 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.14 |
| purl |
pkg:composer/symfony/symfony@3.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14u2-1zfk-rfgg |
|
| 1 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 2 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 3 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 4 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 5 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 6 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 7 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 8 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 9 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-dyqe-h5ha-pbc6 |
|
| 12 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 13 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.0.14 |
| purl |
pkg:composer/symfony/symfony@4.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14u2-1zfk-rfgg |
|
| 1 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 2 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 3 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 4 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 5 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 6 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 7 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 8 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 9 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-dyqe-h5ha-pbc6 |
|
| 12 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 13 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 18 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 19 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14u2-1zfk-rfgg |
|
| 1 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 2 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 3 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 4 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 5 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 6 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 7 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 8 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 9 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 10 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 11 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 12 |
| vulnerability |
VCID-dyqe-h5ha-pbc6 |
|
| 13 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 14 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 15 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 16 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 17 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 18 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 19 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 20 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 21 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bhuc-44kp-3fgx |
|
| 11 |
| url |
VCID-dnwt-puv7-mbgm |
| vulnerability_id |
VCID-dnwt-puv7-mbgm |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, it might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to session fixation. This issue has been fixed in the 4.4 branch. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24895 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07335 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07301 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07343 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07336 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24895 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24895, GHSA-3gv2-29qc-v67m, GMS-2023-210, GMS-2023-211
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dnwt-puv7-mbgm |
|
| 12 |
| url |
VCID-dyqe-h5ha-pbc6 |
| vulnerability_id |
VCID-dyqe-h5ha-pbc6 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19790 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63943 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.64045 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.64059 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.64056 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19790 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.20 |
| purl |
pkg:composer/symfony/symfony@3.4.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 13 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 14 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 15 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 16 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.0.15 |
| purl |
pkg:composer/symfony/symfony@4.0.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 13 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 14 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 15 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 16 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 17 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 12 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 13 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 18 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 19 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 12 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 13 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 18 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 19 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 20 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19790, GHSA-89r2-5g34-2g47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dyqe-h5ha-pbc6 |
|
| 13 |
| url |
VCID-hrpp-29gt-1kap |
| vulnerability_id |
VCID-hrpp-29gt-1kap |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10912 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01116 |
| scoring_system |
epss |
| scoring_elements |
0.78678 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.01116 |
| scoring_system |
epss |
| scoring_elements |
0.78612 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.01116 |
| scoring_system |
epss |
| scoring_elements |
0.78692 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.01116 |
| scoring_system |
epss |
| scoring_elements |
0.78695 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10912 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10912, GHSA-w2fr-65vp-mxw3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hrpp-29gt-1kap |
|
| 14 |
| url |
VCID-k8q8-sb46-5qbw |
| vulnerability_id |
VCID-k8q8-sb46-5qbw |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in forms when not explicitly enabled, which makes the application susceptible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23601 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38761 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38576 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38772 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38749 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23601 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23601, GHSA-vvmr-8829-6whx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8q8-sb46-5qbw |
|
| 15 |
| url |
VCID-n17z-j2b9-fub1 |
| vulnerability_id |
VCID-n17z-j2b9-fub1 |
| summary |
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14774 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37407 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37584 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37609 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37596 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14774 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.14 |
| purl |
pkg:composer/symfony/symfony@3.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14u2-1zfk-rfgg |
|
| 1 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 2 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 3 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 4 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 5 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 6 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 7 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 8 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 9 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-dyqe-h5ha-pbc6 |
|
| 12 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 13 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.0.14 |
| purl |
pkg:composer/symfony/symfony@4.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14u2-1zfk-rfgg |
|
| 1 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 2 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 3 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 4 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 5 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 6 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 7 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 8 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 9 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-dyqe-h5ha-pbc6 |
|
| 12 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 13 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 18 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 19 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14u2-1zfk-rfgg |
|
| 1 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 2 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 3 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 4 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 5 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 6 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 7 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 8 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 9 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 10 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 11 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 12 |
| vulnerability |
VCID-dyqe-h5ha-pbc6 |
|
| 13 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 14 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 15 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 16 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 17 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 18 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 19 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 20 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 21 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14774, GHSA-66p6-7p29-55p9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n17z-j2b9-fub1 |
|
| 16 |
|
| 17 |
| url |
VCID-t9v8-mwys-pba3 |
| vulnerability_id |
VCID-t9v8-mwys-pba3 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10911 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.51071 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.50938 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.51073 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.51085 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10911 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10911, GHSA-cchx-mfrc-fwqr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t9v8-mwys-pba3 |
|
| 18 |
| url |
VCID-vc7s-6p62-bfaw |
| vulnerability_id |
VCID-vc7s-6p62-bfaw |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10909 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.58295 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.58182 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.583 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.58311 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10909 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10909, GHSA-g996-q5r8-w7g2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vc7s-6p62-bfaw |
|
| 19 |
| url |
VCID-yz7h-r417-zuds |
| vulnerability_id |
VCID-yz7h-r417-zuds |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mis-handle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. If an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive. The issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration). Versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contain a patch for the issue. Some workarounds are available. Avoid running PHP/one's own tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables. Avoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2. Where applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-24739 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01649 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01635 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01639 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01641 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-24739 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-24739, GHSA-r39x-jcww-82v6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yz7h-r417-zuds |
|
| 20 |
| url |
VCID-zws9-ffpd-5ffw |
| vulnerability_id |
VCID-zws9-ffpd-5ffw |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. Starting in versions 5.4.50, 6.4.29, and 7.3.7, the `Request` class now ensures that URL paths always start with a `/`. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64500 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06307 |
| scoring_system |
epss |
| scoring_elements |
0.91191 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.06307 |
| scoring_system |
epss |
| scoring_elements |
0.91154 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.06307 |
| scoring_system |
epss |
| scoring_elements |
0.91185 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.06307 |
| scoring_system |
epss |
| scoring_elements |
0.91193 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64500 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-64500, GHSA-3rg7-wf37-54rm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zws9-ffpd-5ffw |
|