Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/symfony@5.4.0
Typecomposer
Namespacesymfony
Namesymfony
Version5.4.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.51
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
0
url VCID-2fjn-22pk-p7fx
vulnerability_id VCID-2fjn-22pk-p7fx
summary 
Cross-Site Request Forgery (CSRF)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23601
reference_id
reference_type
scores
0
value 0.00173
scoring_system epss
scoring_elements 0.38505
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23601
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/
url https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23601
reference_id CVE-2022-23601
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23601
4
reference_url https://symfony.com/cve-2022-23601
reference_id CVE-2022-23601
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2022-23601
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml
reference_id CVE-2022-23601.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml
reference_id CVE-2022-23601.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml
7
reference_url https://github.com/advisories/GHSA-vvmr-8829-6whx
reference_id GHSA-vvmr-8829-6whx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vvmr-8829-6whx
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx
reference_id GHSA-vvmr-8829-6whx
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.4
purl pkg:composer/symfony/symfony@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-7pwc-t6vf-eyax
2
vulnerability VCID-9mbr-qumx-8yhz
3
vulnerability VCID-dmsr-jrsf-tqdu
4
vulnerability VCID-hkcs-2mjk-ubhw
5
vulnerability VCID-mqjv-9ptq-q3g9
6
vulnerability VCID-mxta-zqzb-nfbv
7
vulnerability VCID-uvpz-6mss-9bgn
8
vulnerability VCID-wtr6-xz9n-uqg3
9
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4
1
url pkg:composer/symfony/symfony@6.0.4
purl pkg:composer/symfony/symfony@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-7pwc-t6vf-eyax
2
vulnerability VCID-9mbr-qumx-8yhz
3
vulnerability VCID-dmsr-jrsf-tqdu
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-mxta-zqzb-nfbv
6
vulnerability VCID-uvpz-6mss-9bgn
7
vulnerability VCID-wtr6-xz9n-uqg3
8
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4
aliases CVE-2022-23601, GHSA-vvmr-8829-6whx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fjn-22pk-p7fx
1
url VCID-6kq8-5k4z-27f2
vulnerability_id VCID-6kq8-5k4z-27f2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
reference_id
reference_type
scores
0
value 0.00394
scoring_system epss
scoring_elements 0.60588
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
6
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
9
reference_url https://symfony.com/cve-2024-50345
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50345
10
reference_url https://url.spec.whatwg.org
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://url.spec.whatwg.org
11
reference_url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
reference_id GHSA-mrqx-rp3w-jpjp
reference_type
scores
url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@7.2.0-BETA1
purl pkg:composer/symfony/symfony@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1
1
url pkg:composer/symfony/symfony@5.4.46
purl pkg:composer/symfony/symfony@5.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
1
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46
2
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
3
url pkg:composer/symfony/symfony@6.4.14
purl pkg:composer/symfony/symfony@6.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
1
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14
4
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
5
url pkg:composer/symfony/symfony@7.1.7
purl pkg:composer/symfony/symfony@7.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7
aliases CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kq8-5k4z-27f2
2
url VCID-7pwc-t6vf-eyax
vulnerability_id VCID-7pwc-t6vf-eyax
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24894
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39605
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24894
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
3
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24894
reference_id CVE-2022-24894
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24894
5
reference_url https://symfony.com/cve-2022-24894
reference_id CVE-2022-24894
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2022-24894
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml
reference_id CVE-2022-24894.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml
reference_id CVE-2022-24894.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml
8
reference_url https://github.com/advisories/GHSA-h7vf-5wrv-9fhv
reference_id GHSA-h7vf-5wrv-9fhv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7vf-5wrv-9fhv
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
reference_id GHSA-h7vf-5wrv-9fhv
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
10
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@6.1.0-BETA1
purl pkg:composer/symfony/symfony@6.1.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-mxta-zqzb-nfbv
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1
1
url pkg:composer/symfony/symfony@6.2.0-BETA1
purl pkg:composer/symfony/symfony@6.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-mxta-zqzb-nfbv
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1
2
url pkg:composer/symfony/symfony@5.4.20
purl pkg:composer/symfony/symfony@5.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-hkcs-2mjk-ubhw
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-mxta-zqzb-nfbv
6
vulnerability VCID-wtr6-xz9n-uqg3
7
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20
3
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
4
url pkg:composer/symfony/symfony@6.0.20
purl pkg:composer/symfony/symfony@6.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-mxta-zqzb-nfbv
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20
5
url pkg:composer/symfony/symfony@6.1.12
purl pkg:composer/symfony/symfony@6.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-mxta-zqzb-nfbv
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12
6
url pkg:composer/symfony/symfony@6.2.6
purl pkg:composer/symfony/symfony@6.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-dw66-36y1-g7hz
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-mxta-zqzb-nfbv
6
vulnerability VCID-wtr6-xz9n-uqg3
7
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6
aliases CVE-2022-24894, GHSA-h7vf-5wrv-9fhv, GMS-2023-209, GMS-2023-212
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7pwc-t6vf-eyax
3
url VCID-9mbr-qumx-8yhz
vulnerability_id VCID-9mbr-qumx-8yhz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51736
reference_id
reference_type
scores
0
value 0.00783
scoring_system epss
scoring_elements 0.74047
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51736
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9
5
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q
reference_id
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51736
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51736
7
reference_url https://symfony.com/cve-2024-51736
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-51736
8
reference_url https://github.com/advisories/GHSA-qq5c-677p-737q
reference_id GHSA-qq5c-677p-737q
reference_type
scores
url https://github.com/advisories/GHSA-qq5c-677p-737q
fixed_packages
0
url pkg:composer/symfony/symfony@7.2.0-BETA1
purl pkg:composer/symfony/symfony@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1
1
url pkg:composer/symfony/symfony@5.4.46
purl pkg:composer/symfony/symfony@5.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
1
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46
2
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
3
url pkg:composer/symfony/symfony@6.4.14
purl pkg:composer/symfony/symfony@6.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
1
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14
4
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
5
url pkg:composer/symfony/symfony@7.1.7
purl pkg:composer/symfony/symfony@7.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7
aliases CVE-2024-51736, GHSA-qq5c-677p-737q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mbr-qumx-8yhz
4
url VCID-dmsr-jrsf-tqdu
vulnerability_id VCID-dmsr-jrsf-tqdu
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50342
reference_id
reference_type
scores
0
value 0.00502
scoring_system epss
scoring_elements 0.66345
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50342
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/
url https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b
5
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50342
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50342
7
reference_url https://symfony.com/cve-2024-50342
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50342
8
reference_url https://github.com/advisories/GHSA-9c3x-r3wp-mgxm
reference_id GHSA-9c3x-r3wp-mgxm
reference_type
scores
url https://github.com/advisories/GHSA-9c3x-r3wp-mgxm
9
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@7.2.0-BETA1
purl pkg:composer/symfony/symfony@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1
1
url pkg:composer/symfony/symfony@5.4.47
purl pkg:composer/symfony/symfony@5.4.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
1
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.47
2
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
3
url pkg:composer/symfony/symfony@6.4.15
purl pkg:composer/symfony/symfony@6.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
1
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.15
4
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
5
url pkg:composer/symfony/symfony@7.1.8
purl pkg:composer/symfony/symfony@7.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.8
aliases CVE-2024-50342, GHSA-9c3x-r3wp-mgxm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsr-jrsf-tqdu
5
url VCID-hkcs-2mjk-ubhw
vulnerability_id VCID-hkcs-2mjk-ubhw
summary 
Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
The Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.

This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24739
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01652
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24739
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3
3
reference_url https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b
4
reference_url https://github.com/symfony/symfony/issues/62921
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/issues/62921
5
reference_url https://github.com/symfony/symfony/pull/63164
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/pull/63164
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24739
reference_id CVE-2026-24739
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24739
7
reference_url https://github.com/advisories/GHSA-r39x-jcww-82v6
reference_id GHSA-r39x-jcww-82v6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r39x-jcww-82v6
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6
reference_id GHSA-r39x-jcww-82v6
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6
fixed_packages
0
url pkg:composer/symfony/symfony@7.4.0-BETA1
purl pkg:composer/symfony/symfony@7.4.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1
1
url pkg:composer/symfony/symfony@5.4.51
purl pkg:composer/symfony/symfony@5.4.51
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51
2
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
3
url pkg:composer/symfony/symfony@6.4.33
purl pkg:composer/symfony/symfony@6.4.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33
4
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
5
url pkg:composer/symfony/symfony@7.3.11
purl pkg:composer/symfony/symfony@7.3.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11
6
url pkg:composer/symfony/symfony@7.4.5
purl pkg:composer/symfony/symfony@7.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5
7
url pkg:composer/symfony/symfony@8.0.0-BETA1
purl pkg:composer/symfony/symfony@8.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1
8
url pkg:composer/symfony/symfony@8.0.5
purl pkg:composer/symfony/symfony@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5
aliases CVE-2026-24739, GHSA-r39x-jcww-82v6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkcs-2mjk-ubhw
6
url VCID-mqjv-9ptq-q3g9
vulnerability_id VCID-mqjv-9ptq-q3g9
summary 
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
reference_id
reference_type
scores
0
value 0.06307
scoring_system epss
scoring_elements 0.91097
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
reference_id CVE-2025-64500
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
4
reference_url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
reference_id CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
7
reference_url https://github.com/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rg7-wf37-54rm
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
fixed_packages
0
url pkg:composer/symfony/symfony@7.4.0-BETA1
purl pkg:composer/symfony/symfony@7.4.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1
1
url pkg:composer/symfony/symfony@5.4.50
purl pkg:composer/symfony/symfony@5.4.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50
2
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
3
url pkg:composer/symfony/symfony@6.4.29
purl pkg:composer/symfony/symfony@6.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29
4
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
5
url pkg:composer/symfony/symfony@7.3.7
purl pkg:composer/symfony/symfony@7.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7
aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqjv-9ptq-q3g9
7
url VCID-mxta-zqzb-nfbv
vulnerability_id VCID-mxta-zqzb-nfbv
summary 
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
reference_id
reference_type
scores
0
value 0.02419
scoring_system epss
scoring_elements 0.85376
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
3
reference_url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
4
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id 1055774
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
7
reference_url https://symfony.com/cve-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46734
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
reference_id CVE-2023-46734.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
9
reference_url https://github.com/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q847-2q57-wmr3
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
11
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@6.4.0-BETA1
purl pkg:composer/symfony/symfony@6.4.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-dw66-36y1-g7hz
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1
1
url pkg:composer/symfony/symfony@5.4.31
purl pkg:composer/symfony/symfony@5.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-hkcs-2mjk-ubhw
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31
2
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
3
url pkg:composer/symfony/symfony@6.3.8
purl pkg:composer/symfony/symfony@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-dw66-36y1-g7hz
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8
aliases CVE-2023-46734, GHSA-q847-2q57-wmr3
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxta-zqzb-nfbv
8
url VCID-uvpz-6mss-9bgn
vulnerability_id VCID-uvpz-6mss-9bgn
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24895
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06271
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24895
1
reference_url https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
4
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24895
reference_id CVE-2022-24895
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24895
6
reference_url https://symfony.com/cve-2022-24895
reference_id CVE-2022-24895
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2022-24895
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
reference_id CVE-2022-24895.YAML
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
reference_id CVE-2022-24895.YAML
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
9
reference_url https://github.com/advisories/GHSA-3gv2-29qc-v67m
reference_id GHSA-3gv2-29qc-v67m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3gv2-29qc-v67m
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
reference_id GHSA-3gv2-29qc-v67m
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
11
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@6.1.0-BETA1
purl pkg:composer/symfony/symfony@6.1.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-mxta-zqzb-nfbv
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1
1
url pkg:composer/symfony/symfony@6.2.0-BETA1
purl pkg:composer/symfony/symfony@6.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-mxta-zqzb-nfbv
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1
2
url pkg:composer/symfony/symfony@5.4.20
purl pkg:composer/symfony/symfony@5.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-hkcs-2mjk-ubhw
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-mxta-zqzb-nfbv
6
vulnerability VCID-wtr6-xz9n-uqg3
7
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20
3
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
4
url pkg:composer/symfony/symfony@6.0.20
purl pkg:composer/symfony/symfony@6.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-mxta-zqzb-nfbv
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20
5
url pkg:composer/symfony/symfony@6.1.12
purl pkg:composer/symfony/symfony@6.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-mxta-zqzb-nfbv
5
vulnerability VCID-wtr6-xz9n-uqg3
6
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12
6
url pkg:composer/symfony/symfony@6.2.6
purl pkg:composer/symfony/symfony@6.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-dw66-36y1-g7hz
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-mxta-zqzb-nfbv
6
vulnerability VCID-wtr6-xz9n-uqg3
7
vulnerability VCID-yzth-mby6-fua5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6
aliases CVE-2022-24895, GHSA-3gv2-29qc-v67m, GMS-2023-210, GMS-2023-211
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvpz-6mss-9bgn
9
url VCID-wtr6-xz9n-uqg3
vulnerability_id VCID-wtr6-xz9n-uqg3
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50340
reference_id
reference_type
scores
0
value 0.85051
scoring_system epss
scoring_elements 0.99366
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50340
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/
url https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa
5
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50340
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50340
7
reference_url https://symfony.com/cve-2024-50340
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50340
8
reference_url https://github.com/advisories/GHSA-x8vp-gf4q-mw5j
reference_id GHSA-x8vp-gf4q-mw5j
reference_type
scores
url https://github.com/advisories/GHSA-x8vp-gf4q-mw5j
9
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@7.2.0-BETA1
purl pkg:composer/symfony/symfony@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1
1
url pkg:composer/symfony/symfony@5.4.46
purl pkg:composer/symfony/symfony@5.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
1
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46
2
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
3
url pkg:composer/symfony/symfony@6.4.14
purl pkg:composer/symfony/symfony@6.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkcs-2mjk-ubhw
1
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14
4
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
5
url pkg:composer/symfony/symfony@7.1.7
purl pkg:composer/symfony/symfony@7.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7
aliases CVE-2024-50340, GHSA-x8vp-gf4q-mw5j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtr6-xz9n-uqg3
10
url VCID-yzth-mby6-fua5
vulnerability_id VCID-yzth-mby6-fua5
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50343
reference_id
reference_type
scores
0
value 0.00246
scoring_system epss
scoring_elements 0.4803
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50343
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/
url https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
6
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50343
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50343
9
reference_url https://symfony.com/cve-2024-50343
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50343
10
reference_url https://github.com/advisories/GHSA-g3rh-rrhp-jhh9
reference_id GHSA-g3rh-rrhp-jhh9
reference_type
scores
url https://github.com/advisories/GHSA-g3rh-rrhp-jhh9
11
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.43
purl pkg:composer/symfony/symfony@5.4.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-hkcs-2mjk-ubhw
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-wtr6-xz9n-uqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43
1
url pkg:composer/symfony/symfony@6.4.11
purl pkg:composer/symfony/symfony@6.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-hkcs-2mjk-ubhw
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-wtr6-xz9n-uqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11
2
url pkg:composer/symfony/symfony@7.1.4
purl pkg:composer/symfony/symfony@7.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-9mbr-qumx-8yhz
2
vulnerability VCID-dmsr-jrsf-tqdu
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-wtr6-xz9n-uqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4
aliases CVE-2024-50343, GHSA-g3rh-rrhp-jhh9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzth-mby6-fua5
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0