Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/symfony/security@2.7.3
purl pkg:composer/symfony/security@2.7.3
Next non-vulnerable version 2.7.51
Latest non-vulnerable version 4.4.24
Risk 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-556v-rym3-6yax
Aliases:
CVE-2018-11406
GHSA-g4g7-q726-v5hg
Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
2.7.48
Affected by 5 other vulnerabilities.
2.8.41
Affected by 3 other vulnerabilities.
3.3.17
Affected by 6 other vulnerabilities.
3.4.11
Affected by 3 other vulnerabilities.
4.0.11
Affected by 3 other vulnerabilities.
VCID-5u5z-qzg2-sbhg
Aliases:
CVE-2015-8125
GHSA-g97c-jfx6-xvxh
Information Exposure Through Timing Discrepancy Symfony allows remote attackers to have unspecified impact via a timing attack.
2.7.7
Affected by 7 other vulnerabilities.
VCID-71vh-7wte-kfcx
Aliases:
CVE-2018-11385
GHSA-g4rg-rw65-8hfg
Session Fixation A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
2.7.48
Affected by 5 other vulnerabilities.
2.8.41
Affected by 3 other vulnerabilities.
3.3.17
Affected by 6 other vulnerabilities.
3.4.11
Affected by 3 other vulnerabilities.
4.0.11
Affected by 3 other vulnerabilities.
VCID-ahmf-nthw-ufaq
Aliases:
CVE-2016-1902
GHSA-jjx5-fq5g-8xpc
Cryptographic Issues The `nextBytes` function in the `SecureRandom` class in Symfony does not properly generate random numbers when used with PHP without the `paragonie/random_compat` library and the `openssl_random_pseudo_bytes` function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
2.7.9
Affected by 6 other vulnerabilities.
VCID-bpkv-qrmp-huac
Aliases:
CVE-2019-10911
GHSA-cchx-mfrc-fwqr
Improper Authentication In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
2.7.51
Affected by 0 other vulnerabilities.
2.8.50
Affected by 1 other vulnerability.
3.4.26
Affected by 1 other vulnerability.
4.1.12
Affected by 2 other vulnerabilities.
4.2.7
Affected by 1 other vulnerability.
VCID-fy39-ys3p-5ucm
Aliases:
CVE-2015-8124
GHSA-j5jh-hpr4-h332
Session Fixation Session fixation vulnerability in the `Remember Me` login feature in Symfony allows remote attackers to hijack web sessions via a session id.
2.7.7
Affected by 7 other vulnerabilities.
VCID-mm7e-kb6c-vucx
Aliases:
CVE-2017-16652
GHSA-r7p7-qr7p-2rrf
`DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.
2.7.38
Affected by 5 other vulnerabilities.
2.8.31
Affected by 6 other vulnerabilities.
3.2.14
Affected by 6 other vulnerabilities.
3.3.13
Affected by 6 other vulnerabilities.
VCID-nsk8-bk5e-tbfh
Aliases:
CVE-2016-4423
GHSA-whgv-8cg3-7hcm
CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
2.7.13
Affected by 6 other vulnerabilities.
2.8.6
Affected by 8 other vulnerabilities.
3.0.6
Affected by 8 other vulnerabilities.
VCID-t2dx-5us4-mkf1
Aliases:
CVE-2017-16653
GHSA-92x6-h2gr-8gxq
Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.
2.7.38
Affected by 5 other vulnerabilities.
2.8.31
Affected by 6 other vulnerabilities.
3.2.14
Affected by 6 other vulnerabilities.
3.3.13
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-11T22:05:26.727937+00:00 GitLab Importer Affected by VCID-bpkv-qrmp-huac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2019-10911.yml 38.3.0
2026-04-11T21:57:57.158269+00:00 GitLab Importer Affected by VCID-t2dx-5us4-mkf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16653.yml 38.3.0
2026-04-11T21:56:18.251883+00:00 GitLab Importer Affected by VCID-71vh-7wte-kfcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml 38.3.0
2026-04-11T21:56:16.878625+00:00 GitLab Importer Affected by VCID-556v-rym3-6yax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml 38.3.0
2026-04-11T21:56:10.456979+00:00 GitLab Importer Affected by VCID-mm7e-kb6c-vucx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16652.yml 38.3.0
2026-04-11T21:44:34.304004+00:00 GitLab Importer Affected by VCID-nsk8-bk5e-tbfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-4423.yml 38.3.0
2026-04-11T21:44:33.447937+00:00 GitLab Importer Affected by VCID-ahmf-nthw-ufaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-1902.yml 38.3.0
2026-04-11T21:43:30.672617+00:00 GitLab Importer Affected by VCID-fy39-ys3p-5ucm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2015-8124.yml 38.3.0
2026-04-11T21:43:30.010531+00:00 GitLab Importer Affected by VCID-5u5z-qzg2-sbhg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2015-8125.yml 38.3.0
2026-04-02T22:18:18.198235+00:00 GitLab Importer Affected by VCID-bpkv-qrmp-huac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2019-10911.yml 38.1.0
2026-04-02T22:11:18.148675+00:00 GitLab Importer Affected by VCID-t2dx-5us4-mkf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16653.yml 38.1.0
2026-04-02T22:09:42.377145+00:00 GitLab Importer Affected by VCID-71vh-7wte-kfcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml 38.1.0
2026-04-02T22:09:41.154318+00:00 GitLab Importer Affected by VCID-556v-rym3-6yax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml 38.1.0
2026-04-02T22:09:35.542152+00:00 GitLab Importer Affected by VCID-mm7e-kb6c-vucx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16652.yml 38.1.0
2026-04-02T21:58:39.027149+00:00 GitLab Importer Affected by VCID-nsk8-bk5e-tbfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-4423.yml 38.1.0
2026-04-02T21:58:38.239038+00:00 GitLab Importer Affected by VCID-ahmf-nthw-ufaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-1902.yml 38.1.0
2026-04-02T21:57:38.324738+00:00 GitLab Importer Affected by VCID-fy39-ys3p-5ucm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2015-8124.yml 38.1.0
2026-04-02T21:57:37.686827+00:00 GitLab Importer Affected by VCID-5u5z-qzg2-sbhg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2015-8125.yml 38.1.0
2026-04-01T16:35:59.339263+00:00 GitLab Importer Affected by VCID-bpkv-qrmp-huac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2019-10911.yml 38.0.0
2026-04-01T16:28:40.400400+00:00 GitLab Importer Affected by VCID-t2dx-5us4-mkf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16653.yml 38.0.0
2026-04-01T16:26:59.283603+00:00 GitLab Importer Affected by VCID-71vh-7wte-kfcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml 38.0.0
2026-04-01T16:26:57.863366+00:00 GitLab Importer Affected by VCID-556v-rym3-6yax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml 38.0.0
2026-04-01T16:26:51.431197+00:00 GitLab Importer Affected by VCID-mm7e-kb6c-vucx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16652.yml 38.0.0
2026-04-01T16:15:54.513971+00:00 GitLab Importer Affected by VCID-nsk8-bk5e-tbfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-4423.yml 38.0.0
2026-04-01T16:15:53.618140+00:00 GitLab Importer Affected by VCID-ahmf-nthw-ufaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-1902.yml 38.0.0
2026-04-01T16:14:52.004147+00:00 GitLab Importer Affected by VCID-fy39-ys3p-5ucm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2015-8124.yml 38.0.0
2026-04-01T16:14:51.364029+00:00 GitLab Importer Affected by VCID-5u5z-qzg2-sbhg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2015-8125.yml 38.0.0