Package details: pkg:composer/symfony/serializer@2.0.9
purl pkg:composer/symfony/serializer@2.0.9
Next non-vulnerable version 5.0.0-BETA1
Latest non-vulnerable version 6.3.8
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-bdhj-np35-sybt
Aliases:
CVE-2023-46734
GHSA-q847-2q57-wmr3
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
5.0.0-BETA1
Affected by 0 other vulnerabilities.
5.4.31
Affected by 0 other vulnerabilities.
6.3.8
Affected by 0 other vulnerabilities.
VCID-fgxs-w84s-8kh3
Aliases:
2012-02-24
Improper Restriction of XML External Entity Reference
XML decoding attack vector through external entities.
2.0.12
Affected by 1 other vulnerability.
VCID-zyg1-nf3h-b3aj
Aliases:
GHSA-j68w-pg49-f6vx
Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system.
2.0.11
Affected by 0 other vulnerabilities.
2.0.12
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:59:59.277968+00:00 GitLab Importer Affected by VCID-zyg1-nf3h-b3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/GHSA-j68w-pg49-f6vx.yml 38.4.0
2026-04-16T22:42:58.281435+00:00 GitLab Importer Affected by VCID-bdhj-np35-sybt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/CVE-2023-46734.yml 38.4.0
2026-04-16T20:30:02.155868+00:00 GitLab Importer Affected by VCID-fgxs-w84s-8kh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/2012-02-24.yml 38.4.0
2026-04-12T00:17:57.564136+00:00 GitLab Importer Affected by VCID-zyg1-nf3h-b3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/GHSA-j68w-pg49-f6vx.yml 38.3.0
2026-04-12T00:02:31.202876+00:00 GitLab Importer Affected by VCID-bdhj-np35-sybt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/CVE-2023-46734.yml 38.3.0
2026-04-11T21:40:32.010223+00:00 GitLab Importer Affected by VCID-fgxs-w84s-8kh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/2012-02-24.yml 38.3.0
2026-04-03T00:25:13.918677+00:00 GitLab Importer Affected by VCID-zyg1-nf3h-b3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/GHSA-j68w-pg49-f6vx.yml 38.1.0
2026-04-03T00:05:30.353784+00:00 GitLab Importer Affected by VCID-bdhj-np35-sybt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/CVE-2023-46734.yml 38.1.0
2026-04-02T21:54:36.313275+00:00 GitLab Importer Affected by VCID-fgxs-w84s-8kh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/2012-02-24.yml 38.1.0
2026-04-01T16:11:56.548345+00:00 GitLab Importer Affected by VCID-fgxs-w84s-8kh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/2012-02-24.yml 38.0.0