Package details: pkg:composer/symfony/serializer@2.0.12
purl pkg:composer/symfony/serializer@2.0.12
Next non-vulnerable version 5.0.0-BETA1
Latest non-vulnerable version 6.3.8
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability: VCID-bdhj-np35-sybt
Aliases: CVE-2023-46734, GHSA-q847-2q57-wmr3
Summary: Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters. Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
Fixed by:
5.0.0-BETA1 (affected by 0 other vulnerabilities)
5.4.31 (affected by 0 other vulnerabilities)
6.3.8 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (2)
Vulnerability: VCID-fgxs-w84s-8kh3
Aliases: 2012-02-24
Summary: Improper Restriction of XML External Entity Reference. XML decoding attack vector through external entities.

Vulnerability: VCID-zyg1-nf3h-b3aj
Aliases: GHSA-j68w-pg49-f6vx
Summary: Symfony XML decoding attack vector through external entities. The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:59:59.285189+00:00 GitLab Importer Fixing VCID-zyg1-nf3h-b3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/GHSA-j68w-pg49-f6vx.yml 38.4.0
2026-04-16T22:42:58.287894+00:00 GitLab Importer Affected by VCID-bdhj-np35-sybt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/CVE-2023-46734.yml 38.4.0
2026-04-16T20:30:02.162649+00:00 GitLab Importer Fixing VCID-fgxs-w84s-8kh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/2012-02-24.yml 38.4.0
2026-04-12T00:17:57.567160+00:00 GitLab Importer Fixing VCID-zyg1-nf3h-b3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/GHSA-j68w-pg49-f6vx.yml 38.3.0
2026-04-12T00:02:31.210759+00:00 GitLab Importer Affected by VCID-bdhj-np35-sybt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/CVE-2023-46734.yml 38.3.0
2026-04-11T21:40:32.017383+00:00 GitLab Importer Fixing VCID-fgxs-w84s-8kh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/2012-02-24.yml 38.3.0
2026-04-03T00:25:13.926006+00:00 GitLab Importer Fixing VCID-zyg1-nf3h-b3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/GHSA-j68w-pg49-f6vx.yml 38.1.0
2026-04-03T00:05:30.361286+00:00 GitLab Importer Affected by VCID-bdhj-np35-sybt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/CVE-2023-46734.yml 38.1.0
2026-04-02T21:54:36.319865+00:00 GitLab Importer Fixing VCID-fgxs-w84s-8kh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/2012-02-24.yml 38.1.0
2026-04-01T12:46:46.602253+00:00 GitLab Importer Fixing VCID-fgxs-w84s-8kh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/2012-02-24.yml 38.0.0