Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/symfony/symfony@3.0.0-alpha
purl pkg:composer/symfony/symfony@3.0.0-alpha
Tags Ghost
Next non-vulnerable version 5.4.51
Latest non-vulnerable version 8.0.5
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-72pa-a6sv-fyg6
Aliases:
CVE-2016-2403
GHSA-wvj5-r78r-hhfq
Unauthorized access on a misconfigured LDAP server There's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.
3.0.6
Affected by 26 other vulnerabilities.
VCID-nsk8-bk5e-tbfh
Aliases:
CVE-2016-4423
GHSA-whgv-8cg3-7hcm
CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
3.0.6
Affected by 26 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:47:10.868665+00:00 GitLab Importer Affected by VCID-72pa-a6sv-fyg6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2016-2403.yml 38.0.0
2026-04-01T12:47:03.918725+00:00 GitLab Importer Affected by VCID-nsk8-bk5e-tbfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2016-4423.yml 38.0.0