{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","type":"deb","namespace":"debian","name":"symfony","version":"6.4.21+dfsg-2+deb13u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.4.41+dfsg-0+deb13u1","latest_non_vulnerable_version":"7.4.13+dfsg-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42034?format=json","vulnerability_id":"VCID-erkb-sxtf-nkg2","summary":"In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service. NOTE: the Supplier has concluded that this is a false report.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36611","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26638","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36611","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36611"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817","reference_id":"1088817","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817"},{"reference_url":"https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c","reference_id":"3581425e0911b716cf8ce4fa30e41e6c","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/"}],"url":"https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c"},{"reference_url":"https://github.com/github/advisory-database/pull/5046","reference_id":"5046","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/"}],"url":"https://github.com/github/advisory-database/pull/5046"},{"reference_url":"https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018","reference_id":"59077#issuecomment-2513935018","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/"}],"url":"https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018"},{"reference_url":"https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995","reference_id":"a804ca15fcad279d7727b91d12a667fd5b925995","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/"}],"url":"https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995"},{"reference_url":"https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132","reference_id":"FormLoginAuthenticator.php#L132","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/"}],"url":"https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104881?format=json","purl":"pkg:deb/debian/symfony@7.4.0~beta2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.0~beta2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-36611","GHSA-7q22-x757-cmgc"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-erkb-sxtf-nkg2"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175223?format=json","vulnerability_id":"VCID-14u2-1zfk-rfgg","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75618","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104868?format=json","purl":"pkg:deb/debian/symfony@3.4.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-19789"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14u2-1zfk-rfgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213067?format=json","vulnerability_id":"VCID-1cq6-ddr8-5uaj","summary":"Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection","references":[{"reference_url":"https://github.com/symfony/symfony/commit/4e0467e4e182cf2e704a3d9e1bc1a6be65d52ab8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/4e0467e4e182cf2e704a3d9e1bc1a6be65d52ab8"},{"reference_url":"https://symfony.com/cve-2026-45755","reference_id":"CVE-2026-45755","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45755"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailtrap-mailer/CVE-2026-45755.yaml","reference_id":"CVE-2026-45755.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailtrap-mailer/CVE-2026-45755.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45755.yaml","reference_id":"CVE-2026-45755.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45755.yaml"},{"reference_url":"https://github.com/advisories/GHSA-59f3-vp2f-mp9w","reference_id":"GHSA-59f3-vp2f-mp9w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-59f3-vp2f-mp9w"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-59f3-vp2f-mp9w","reference_id":"GHSA-59f3-vp2f-mp9w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-59f3-vp2f-mp9w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45755","GHSA-59f3-vp2f-mp9w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cq6-ddr8-5uaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219125?format=json","vulnerability_id":"VCID-1f5j-zvkq-s3g1","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-48760"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1f5j-zvkq-s3g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203856?format=json","vulnerability_id":"VCID-1hgq-8uk8-8kcm","summary":"Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language=\"php\" attribute of a SCRIPT element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104860?format=json","purl":"pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.3.21%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2308"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hgq-8uk8-8kcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211617?format=json","vulnerability_id":"VCID-1pc9-4jbr-3fhc","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-48736"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pc9-4jbr-3fhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213057?format=json","vulnerability_id":"VCID-1wrr-t961-h7db","summary":"Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]","references":[{"reference_url":"https://github.com/symfony/symfony/commit/fa8d5c67aa4b22c9656e3fd7d5c3aa59865bf838","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/fa8d5c67aa4b22c9656e3fd7d5c3aa59865bf838"},{"reference_url":"https://symfony.com/cve-2026-45075","reference_id":"CVE-2026-45075","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45075"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2026-45075.yaml","reference_id":"CVE-2026-45075.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2026-45075.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45075.yaml","reference_id":"CVE-2026-45075.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45075.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45075.yaml","reference_id":"CVE-2026-45075.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45075.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6439-2f28-8p8q","reference_id":"GHSA-6439-2f28-8p8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6439-2f28-8p8q"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-6439-2f28-8p8q","reference_id":"GHSA-6439-2f28-8p8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-6439-2f28-8p8q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45075","GHSA-6439-2f28-8p8q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1wrr-t961-h7db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204619?format=json","vulnerability_id":"VCID-1zw3-munw-rkb2","summary":"Prevent cache poisoning via a Response Content-Type header in Symfony","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5255","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59513","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5255"},{"reference_url":"https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415","reference_id":"961415","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5255","reference_id":"CVE-2020-5255","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5255"},{"reference_url":"https://symfony.com/cve-2020-5255","reference_id":"CVE-2020-5255","reference_type":"","scores":[],"url":"https://symfony.com/cve-2020-5255"},{"reference_url":"https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header","reference_id":"CVE-2020-5255-PREVENT-CACHE-POISONING-VIA-A-RESPONSE-CONTENT-TYPE-HEADER","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2020-5255.yaml","reference_id":"CVE-2020-5255.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2020-5255.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5255.yaml","reference_id":"CVE-2020-5255.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5255.yaml"},{"reference_url":"https://github.com/advisories/GHSA-mcx4-f5f5-4859","reference_id":"GHSA-mcx4-f5f5-4859","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mcx4-f5f5-4859"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859","reference_id":"GHSA-mcx4-f5f5-4859","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104872?format=json","purl":"pkg:deb/debian/symfony@4.4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-5255","GHSA-mcx4-f5f5-4859"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zw3-munw-rkb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175229?format=json","vulnerability_id":"VCID-277x-pbyn-v7em","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.4939","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913"},{"reference_url":"https://symfony.com/cve-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10913"},{"reference_url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides","reference_id":"CVE-2019-10913-REJECT-INVALID-HTTP-METHOD-OVERRIDES","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7","reference_id":"GHSA-x92h-wmg2-6hp7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104869?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-10913","GHSA-x92h-wmg2-6hp7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-277x-pbyn-v7em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132895?format=json","vulnerability_id":"VCID-2vph-t5gn-xbfa","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"0.02588","scoring_system":"epss","scoring_elements":"0.85911","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774","reference_id":"1055774","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774"},{"reference_url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54","reference_id":"5d095d5feb1322b16450284a04d6bb48d1198f54","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54"},{"reference_url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c","reference_id":"9da9a145ce57e4585031ad4bee37c497353eec7c","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104880?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104878?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104879?format=json","purl":"pkg:deb/debian/symfony@5.4.31%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.31%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-46734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vph-t5gn-xbfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211559?format=json","vulnerability_id":"VCID-35re-tren-cugq","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45133"},{"reference_url":"https://github.com/symfony/symfony/commit/914f427ed9630ddb3904dafba763e53d9f133fe3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/914f427ed9630ddb3904dafba763e53d9f133fe3"},{"reference_url":"https://symfony.com/cve-2026-45133","reference_id":"CVE-2026-45133","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45133"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45133.yaml","reference_id":"CVE-2026-45133.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45133.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45133.yaml","reference_id":"CVE-2026-45133.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45133.yaml"},{"reference_url":"https://github.com/advisories/GHSA-c2p3-7m5p-cv8x","reference_id":"GHSA-c2p3-7m5p-cv8x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2p3-7m5p-cv8x"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-c2p3-7m5p-cv8x","reference_id":"GHSA-c2p3-7m5p-cv8x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-c2p3-7m5p-cv8x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45133","GHSA-c2p3-7m5p-cv8x"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35re-tren-cugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205844?format=json","vulnerability_id":"VCID-39fv-3va8-5fed","summary":"An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a \"null\" password and valid username, which triggers an unauthenticated bind.  NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11407","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34005","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407"},{"reference_url":"https://usn.ubuntu.com/USN-4836-1/","reference_id":"USN-USN-4836-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4836-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104866?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-11407"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39fv-3va8-5fed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213065?format=json","vulnerability_id":"VCID-3b3s-rgr4-63g8","summary":"Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)","references":[{"reference_url":"https://github.com/symfony/symfony/commit/26a598fcfc4f903cc55ff202f642ee621839825e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/26a598fcfc4f903cc55ff202f642ee621839825e"},{"reference_url":"https://symfony.com/cve-2026-45753","reference_id":"CVE-2026-45753","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45753"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45753.yaml","reference_id":"CVE-2026-45753.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45753.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45753.yaml","reference_id":"CVE-2026-45753.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45753.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hhg7-c65m-h7ff","reference_id":"GHSA-hhg7-c65m-h7ff","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhg7-c65m-h7ff"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-hhg7-c65m-h7ff","reference_id":"GHSA-hhg7-c65m-h7ff","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-hhg7-c65m-h7ff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45753","GHSA-hhg7-c65m-h7ff"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3b3s-rgr4-63g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211551?format=json","vulnerability_id":"VCID-3vye-18hy-g3fe","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45065","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45065"},{"reference_url":"https://github.com/symfony/symfony/commit/bcf487c22f3240ba994124e0e0fe8616f3cfc47a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/bcf487c22f3240ba994124e0e0fe8616f3cfc47a"},{"reference_url":"https://symfony.com/cve-2026-45065","reference_id":"CVE-2026-45065","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45065"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2026-45065.yaml","reference_id":"CVE-2026-45065.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2026-45065.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45065.yaml","reference_id":"CVE-2026-45065.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45065.yaml"},{"reference_url":"https://github.com/advisories/GHSA-72xp-p242-47p9","reference_id":"GHSA-72xp-p242-47p9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72xp-p242-47p9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-72xp-p242-47p9","reference_id":"GHSA-72xp-p242-47p9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-72xp-p242-47p9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45065","GHSA-72xp-p242-47p9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3vye-18hy-g3fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173331?format=json","vulnerability_id":"VCID-3x8r-7w2f-jfbd","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104877?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104876?format=json","purl":"pkg:deb/debian/symfony@5.4.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-24894"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8r-7w2f-jfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219121?format=json","vulnerability_id":"VCID-3xdj-um9j-gfc1","summary":"The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65205","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-5958"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xdj-um9j-gfc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175226?format=json","vulnerability_id":"VCID-3xr5-h38c-9fc2","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910","reference_id":"","reference_type":"","scores":[{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93906","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb"},{"reference_url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b"},{"reference_url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910"},{"reference_url":"https://symfony.com/cve-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10910"},{"reference_url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid","reference_id":"CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2","reference_id":"GHSA-pgwj-prpq-jpc2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104869?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-10910","GHSA-pgwj-prpq-jpc2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xr5-h38c-9fc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211595?format=json","vulnerability_id":"VCID-478d-h11p-3ug2","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46626"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-46626"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-478d-h11p-3ug2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208258?format=json","vulnerability_id":"VCID-48cj-cbs6-83d7","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21424","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56925","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424"},{"reference_url":"https://usn.ubuntu.com/USN-5290-1/","reference_id":"USN-USN-5290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104873?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-21424"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48cj-cbs6-83d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200676?format=json","vulnerability_id":"VCID-4dkq-cq5t-qqe9","summary":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2383","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.4986","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=539592","reference_id":"539592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=539592"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220","reference_id":"555220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221","reference_id":"555221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250","reference_id":"555250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255","reference_id":"555255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977","reference_id":"558977","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104854?format=json","purl":"pkg:deb/debian/symfony@1.0.21-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@1.0.21-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2007-2383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dkq-cq5t-qqe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124318?format=json","vulnerability_id":"VCID-532e-g8g2-m3am","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78314","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104866?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-11386"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-532e-g8g2-m3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213109?format=json","vulnerability_id":"VCID-55k3-e72q-2ubr","summary":"Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification","references":[{"reference_url":"https://github.com/symfony/symfony/commit/8545fb2af6c07dfb5ef0fc8d9bccf86db2c94356","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/8545fb2af6c07dfb5ef0fc8d9bccf86db2c94356"},{"reference_url":"https://symfony.com/cve-2026-47212","reference_id":"CVE-2026-47212","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-47212"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-47212.yaml","reference_id":"CVE-2026-47212.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-47212.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twilio-notifier/CVE-2026-47212.yaml","reference_id":"CVE-2026-47212.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twilio-notifier/CVE-2026-47212.yaml"},{"reference_url":"https://github.com/advisories/GHSA-55rj-x2vc-4whq","reference_id":"GHSA-55rj-x2vc-4whq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-55rj-x2vc-4whq"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-55rj-x2vc-4whq","reference_id":"GHSA-55rj-x2vc-4whq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-55rj-x2vc-4whq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-47212","GHSA-55rj-x2vc-4whq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55k3-e72q-2ubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204621?format=json","vulnerability_id":"VCID-56hx-2yn5-fqgm","summary":"Exceptions displayed in non-debug configurations in Symfony","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5274","reference_id":"","reference_type":"","scores":[{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50504","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5274"},{"reference_url":"https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db"},{"reference_url":"https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415","reference_id":"961415","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5274","reference_id":"CVE-2020-5274","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5274"},{"reference_url":"https://symfony.com/cve-2020-5274","reference_id":"CVE-2020-5274","reference_type":"","scores":[],"url":"https://symfony.com/cve-2020-5274"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/error-handler/CVE-2020-5274.yaml","reference_id":"CVE-2020-5274.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/error-handler/CVE-2020-5274.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5274.yaml","reference_id":"CVE-2020-5274.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5274.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m884-279h-32v2","reference_id":"GHSA-m884-279h-32v2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m884-279h-32v2"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2","reference_id":"GHSA-m884-279h-32v2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104872?format=json","purl":"pkg:deb/debian/symfony@4.4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-5274","GHSA-m884-279h-32v2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56hx-2yn5-fqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56765?format=json","vulnerability_id":"VCID-6aj5-vhfg-qkgk","summary":"symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345"},{"reference_url":"https://symfony.com/cve-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50345"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://url.spec.whatwg.org","reference_id":"url.spec.whatwg.org","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://url.spec.whatwg.org"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104888?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104886?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104883?format=json","purl":"pkg:deb/debian/symfony@6.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-50345","GHSA-mrqx-rp3w-jpjp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6aj5-vhfg-qkgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35253?format=json","vulnerability_id":"VCID-6byh-zvqa-qucx","summary":"Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74181","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736"},{"reference_url":"https://symfony.com/cve-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51736"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-51736","GHSA-qq5c-677p-737q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6byh-zvqa-qucx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211614?format=json","vulnerability_id":"VCID-6juv-bmep-e7ap","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-48489"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6juv-bmep-e7ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177858?format=json","vulnerability_id":"VCID-6re2-zrsx-pbgz","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74697","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887"},{"reference_url":"https://symfony.com/cve-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-18887"},{"reference_url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner","reference_id":"CVE-2019-18887-USE-CONSTANT-TIME-COMPARISON-IN-URISIGNER","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv","reference_id":"GHSA-q8hg-pf8v-cxrv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104870?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-18887","GHSA-q8hg-pf8v-cxrv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6re2-zrsx-pbgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124309?format=json","vulnerability_id":"VCID-7hjf-a7c6-5ye2","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16652","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44929","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104865?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-16652"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hjf-a7c6-5ye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206683?format=json","vulnerability_id":"VCID-7q3t-ttfq-c3fw","summary":"Cookie persistence after password changes in symfony/security-bundle","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41268","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65317","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41268"},{"reference_url":"https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc"},{"reference_url":"https://github.com/symfony/symfony/pull/44243","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/44243"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v5.3.12","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v5.3.12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41268","reference_id":"CVE-2021-41268","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41268"},{"reference_url":"https://symfony.com/cve-2021-41268","reference_id":"CVE-2021-41268","reference_type":"","scores":[],"url":"https://symfony.com/cve-2021-41268"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml","reference_id":"CVE-2021-41268.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml","reference_id":"CVE-2021-41268.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qw36-p97w-vcqr","reference_id":"GHSA-qw36-p97w-vcqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qw36-p97w-vcqr"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr","reference_id":"GHSA-qw36-p97w-vcqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-41268","GHSA-qw36-p97w-vcqr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7q3t-ttfq-c3fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213053?format=json","vulnerability_id":"VCID-85ck-m2za-9yh3","summary":"Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing","references":[{"reference_url":"https://github.com/symfony/symfony/commit/743a435e948b897ef2b5564ac438d4beb95d2526","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/743a435e948b897ef2b5564ac438d4beb95d2526"},{"reference_url":"https://symfony.com/cve-2026-45064","reference_id":"CVE-2026-45064","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45064"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45064.yaml","reference_id":"CVE-2026-45064.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45064.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45064.yaml","reference_id":"CVE-2026-45064.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45064.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h5vq-qfcg-4m6p","reference_id":"GHSA-h5vq-qfcg-4m6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h5vq-qfcg-4m6p"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h5vq-qfcg-4m6p","reference_id":"GHSA-h5vq-qfcg-4m6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h5vq-qfcg-4m6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45064","GHSA-h5vq-qfcg-4m6p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85ck-m2za-9yh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211562?format=json","vulnerability_id":"VCID-8knv-mxc6-fqgd","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45305"},{"reference_url":"https://github.com/symfony/symfony/commit/9749cd43c5e09b3735093623670b21b9d8a056cb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/9749cd43c5e09b3735093623670b21b9d8a056cb"},{"reference_url":"https://symfony.com/cve-2026-45305","reference_id":"CVE-2026-45305","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45305"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45305.yaml","reference_id":"CVE-2026-45305.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45305.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45305.yaml","reference_id":"CVE-2026-45305.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45305.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9frc-8383-795m","reference_id":"GHSA-9frc-8383-795m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9frc-8383-795m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-9frc-8383-795m","reference_id":"GHSA-9frc-8383-795m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-9frc-8383-795m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45305","GHSA-9frc-8383-795m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8knv-mxc6-fqgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56926?format=json","vulnerability_id":"VCID-8trz-ymga-uqdb","summary":"symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48138","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343"},{"reference_url":"https://symfony.com/cve-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50343"},{"reference_url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_id":"7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104888?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104886?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104889?format=json","purl":"pkg:deb/debian/symfony@6.4.11%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.11%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-50343","GHSA-g3rh-rrhp-jhh9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8trz-ymga-uqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181868?format=json","vulnerability_id":"VCID-8vub-8664-w3aq","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4050","reference_id":"","reference_type":"","scores":[{"value":"0.76192","scoring_system":"epss","scoring_elements":"0.98947","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4050"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4050"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104861?format=json","purl":"pkg:deb/debian/symfony@2.7.0~beta2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.7.0~beta2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-4050"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vub-8664-w3aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182480?format=json","vulnerability_id":"VCID-9csx-j51k-jyh9","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77494","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104862?format=json","purl":"pkg:deb/debian/symfony@2.7.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.7.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9csx-j51k-jyh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211561?format=json","vulnerability_id":"VCID-9cy2-jqaz-fyh3","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45304"},{"reference_url":"https://github.com/symfony/symfony/commit/e77391b2e4f18821198f010d573674c8ed4a970a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/e77391b2e4f18821198f010d573674c8ed4a970a"},{"reference_url":"https://symfony.com/cve-2026-45304","reference_id":"CVE-2026-45304","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45304"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45304.yaml","reference_id":"CVE-2026-45304.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45304.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45304.yaml","reference_id":"CVE-2026-45304.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45304.yaml"},{"reference_url":"https://github.com/advisories/GHSA-4qpc-3hr4-r2p4","reference_id":"GHSA-4qpc-3hr4-r2p4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qpc-3hr4-r2p4"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-4qpc-3hr4-r2p4","reference_id":"GHSA-4qpc-3hr4-r2p4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-4qpc-3hr4-r2p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45304","GHSA-4qpc-3hr4-r2p4"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cy2-jqaz-fyh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213054?format=json","vulnerability_id":"VCID-9s6u-zwgw-kueg","summary":"Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification","references":[{"reference_url":"https://symfony.com/cve-2026-45066","reference_id":"CVE-2026-45066","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45066"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45066.yaml","reference_id":"CVE-2026-45066.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45066.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45066.yaml","reference_id":"CVE-2026-45066.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45066.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qc95-4862-92fh","reference_id":"GHSA-qc95-4862-92fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc95-4862-92fh"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qc95-4862-92fh","reference_id":"GHSA-qc95-4862-92fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qc95-4862-92fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45066","GHSA-qc95-4862-92fh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9s6u-zwgw-kueg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182744?format=json","vulnerability_id":"VCID-a1ns-tqbq-nubk","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1902","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60905","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104863?format=json","purl":"pkg:deb/debian/symfony@2.7.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.7.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-1902"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1ns-tqbq-nubk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132890?format=json","vulnerability_id":"VCID-atb9-qbpw-1kb2","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46733","reference_id":"","reference_type":"","scores":[{"value":"0.01316","scoring_system":"epss","scoring_elements":"0.80265","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46733"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775","reference_id":"1055775","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775"},{"reference_url":"https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9","reference_id":"7467bd7e3f888b333102bc664b5e02ef1e7f88b9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9"},{"reference_url":"https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74","reference_id":"dc356499d5ceb86f7cf2b4c7f032eca97061ed74","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx","reference_id":"GHSA-m2wj-r6g3-fxfx","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104878?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104879?format=json","purl":"pkg:deb/debian/symfony@5.4.31%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.31%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-46733"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atb9-qbpw-1kb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182479?format=json","vulnerability_id":"VCID-ateb-64hj-p3dx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8124","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54061","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104862?format=json","purl":"pkg:deb/debian/symfony@2.7.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.7.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8124"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ateb-64hj-p3dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175222?format=json","vulnerability_id":"VCID-bhuc-44kp-3fgx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95079","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"CVE-2018-14773","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104867?format=json","purl":"pkg:deb/debian/symfony@3.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhuc-44kp-3fgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211552?format=json","vulnerability_id":"VCID-bufg-g7uk-73fg","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45067","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45067"},{"reference_url":"https://github.com/symfony/symfony/commit/dc2dbd29211eb4ddc451373fa1374fb926e94604","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/dc2dbd29211eb4ddc451373fa1374fb926e94604"},{"reference_url":"https://symfony.com/cve-2026-45067","reference_id":"CVE-2026-45067","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45067"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2026-45067.yaml","reference_id":"CVE-2026-45067.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2026-45067.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45067.yaml","reference_id":"CVE-2026-45067.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45067.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qpmx-3rfj-7rhv","reference_id":"GHSA-qpmx-3rfj-7rhv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpmx-3rfj-7rhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qpmx-3rfj-7rhv","reference_id":"GHSA-qpmx-3rfj-7rhv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qpmx-3rfj-7rhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45067","GHSA-qpmx-3rfj-7rhv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bufg-g7uk-73fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206685?format=json","vulnerability_id":"VCID-c6xj-n2un-kkfz","summary":"CSV Injection in symfony/serializer","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41270","reference_id":"","reference_type":"","scores":[{"value":"0.00871","scoring_system":"epss","scoring_elements":"0.75644","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41270"},{"reference_url":"https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8"},{"reference_url":"https://github.com/symfony/symfony/pull/44243","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/44243"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v5.3.12","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v5.3.12"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41270","reference_id":"CVE-2021-41270","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41270"},{"reference_url":"https://symfony.com/cve-2021-41270","reference_id":"CVE-2021-41270","reference_type":"","scores":[],"url":"https://symfony.com/cve-2021-41270"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml","reference_id":"CVE-2021-41270.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml","reference_id":"CVE-2021-41270.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2xhg-w2g5-w95x","reference_id":"GHSA-2xhg-w2g5-w95x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xhg-w2g5-w95x"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x","reference_id":"GHSA-2xhg-w2g5-w95x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x"},{"reference_url":"https://usn.ubuntu.com/USN-5290-1/","reference_id":"USN-USN-5290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104875?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104874?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-41270","GHSA-2xhg-w2g5-w95x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xj-n2un-kkfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211553?format=json","vulnerability_id":"VCID-cgmu-1un1-mbb5","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45068"},{"reference_url":"https://github.com/symfony/symfony/commit/c45144862dc289d03952f41f6078174089a3afc6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/c45144862dc289d03952f41f6078174089a3afc6"},{"reference_url":"https://symfony.com/cve-2026-45068","reference_id":"CVE-2026-45068","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45068"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailer/CVE-2026-45068.yaml","reference_id":"CVE-2026-45068.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailer/CVE-2026-45068.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45068.yaml","reference_id":"CVE-2026-45068.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45068.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xx3c-qf5g-hc39","reference_id":"GHSA-xx3c-qf5g-hc39","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx3c-qf5g-hc39"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-xx3c-qf5g-hc39","reference_id":"GHSA-xx3c-qf5g-hc39","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-xx3c-qf5g-hc39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45068","GHSA-xx3c-qf5g-hc39"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgmu-1un1-mbb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219124?format=json","vulnerability_id":"VCID-cupj-he8b-2kbx","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-48747"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cupj-he8b-2kbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173502?format=json","vulnerability_id":"VCID-dnwt-puv7-mbgm","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07301","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895"},{"reference_url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946","reference_id":"076fd2088ada33d760758d98ff07ddedbf567946","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"},{"reference_url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_id":"5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.yaml","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104877?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104876?format=json","purl":"pkg:deb/debian/symfony@5.4.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-24895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnwt-puv7-mbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206681?format=json","vulnerability_id":"VCID-dqes-1qfp-e7ds","summary":"Webcache Poisoning in symfony/http-kernel","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41267","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64612","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41267"},{"reference_url":"https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487"},{"reference_url":"https://github.com/symfony/symfony/pull/44243","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/44243"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v5.3.12","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v5.3.12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41267","reference_id":"CVE-2021-41267","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41267"},{"reference_url":"https://symfony.com/cve-2021-41267","reference_id":"CVE-2021-41267","reference_type":"","scores":[],"url":"https://symfony.com/cve-2021-41267"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml","reference_id":"CVE-2021-41267.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml","reference_id":"CVE-2021-41267.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q3j3-w37x-hq2q","reference_id":"GHSA-q3j3-w37x-hq2q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3j3-w37x-hq2q"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q","reference_id":"GHSA-q3j3-w37x-hq2q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-41267","GHSA-q3j3-w37x-hq2q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqes-1qfp-e7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124315?format=json","vulnerability_id":"VCID-dr7w-qh7g-2qgt","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72194","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104865?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-16790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dr7w-qh7g-2qgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175224?format=json","vulnerability_id":"VCID-dyqe-h5ha-pbc6","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63943","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104868?format=json","purl":"pkg:deb/debian/symfony@3.4.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-19790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyqe-h5ha-pbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219123?format=json","vulnerability_id":"VCID-hhkq-jz7h-vuc5","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32693","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44409","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32693"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-32693"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhkq-jz7h-vuc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175228?format=json","vulnerability_id":"VCID-hrpp-29gt-1kap","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10912","reference_id":"","reference_type":"","scores":[{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78612","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10912","reference_id":"CVE-2019-10912","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10912"},{"reference_url":"https://symfony.com/cve-2019-10912","reference_id":"CVE-2019-10912","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10912"},{"reference_url":"https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized","reference_id":"CVE-2019-10912-PREVENT-DESTRUCTORS-WITH-SIDE-EFFECTS-FROM-BEING-UNSERIALIZED","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w2fr-65vp-mxw3","reference_id":"GHSA-w2fr-65vp-mxw3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w2fr-65vp-mxw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104869?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-10912","GHSA-w2fr-65vp-mxw3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrpp-29gt-1kap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211556?format=json","vulnerability_id":"VCID-hssw-scdz-ryd6","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45071","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45071"},{"reference_url":"https://github.com/symfony/symfony/commit/eea5fd7488cbdc241da4ce242344b7d9a3ecdf3d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/eea5fd7488cbdc241da4ce242344b7d9a3ecdf3d"},{"reference_url":"https://symfony.com/cve-2026-45071","reference_id":"CVE-2026-45071","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45071"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dom-crawler/CVE-2026-45071.yaml","reference_id":"CVE-2026-45071.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dom-crawler/CVE-2026-45071.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45071.yaml","reference_id":"CVE-2026-45071.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45071.yaml"},{"reference_url":"https://github.com/advisories/GHSA-x6g4-fwcc-jj8w","reference_id":"GHSA-x6g4-fwcc-jj8w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6g4-fwcc-jj8w"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-x6g4-fwcc-jj8w","reference_id":"GHSA-x6g4-fwcc-jj8w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-x6g4-fwcc-jj8w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45071","GHSA-x6g4-fwcc-jj8w"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hssw-scdz-ryd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211554?format=json","vulnerability_id":"VCID-hv18-15ee-2yf1","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45069","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45069"},{"reference_url":"https://github.com/symfony/symfony/commit/6b717aaac21b7e96798448d14c4355ea87690b3d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/6b717aaac21b7e96798448d14c4355ea87690b3d"},{"reference_url":"https://symfony.com/cve-2026-45069","reference_id":"CVE-2026-45069","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45069"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45069.yaml","reference_id":"CVE-2026-45069.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45069.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45069.yaml","reference_id":"CVE-2026-45069.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45069.yaml"},{"reference_url":"https://github.com/advisories/GHSA-29fc-p6c4-24cg","reference_id":"GHSA-29fc-p6c4-24cg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29fc-p6c4-24cg"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-29fc-p6c4-24cg","reference_id":"GHSA-29fc-p6c4-24cg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-29fc-p6c4-24cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45069","GHSA-29fc-p6c4-24cg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hv18-15ee-2yf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124313?format=json","vulnerability_id":"VCID-jcpm-ugf9-qygf","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16654","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68172","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104865?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-16654"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcpm-ugf9-qygf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211558?format=json","vulnerability_id":"VCID-k1ya-kxak-9qf8","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45077","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45077"},{"reference_url":"https://github.com/symfony/symfony/commit/0891b2f293896c488e26943dc034334364b77fc4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/0891b2f293896c488e26943dc034334364b77fc4"},{"reference_url":"https://symfony.com/cve-2026-45077","reference_id":"CVE-2026-45077","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45077"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/monolog-bridge/CVE-2026-45077.yaml","reference_id":"CVE-2026-45077.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/monolog-bridge/CVE-2026-45077.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45077.yaml","reference_id":"CVE-2026-45077.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45077.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m7v2-7gxm-vc2v","reference_id":"GHSA-m7v2-7gxm-vc2v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m7v2-7gxm-vc2v"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-m7v2-7gxm-vc2v","reference_id":"GHSA-m7v2-7gxm-vc2v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-m7v2-7gxm-vc2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45077","GHSA-m7v2-7gxm-vc2v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1ya-kxak-9qf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124320?format=json","vulnerability_id":"VCID-k6d1-hvtf-kfbv","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40011","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104866?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-11406"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6d1-hvtf-kfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163815?format=json","vulnerability_id":"VCID-k8q8-sb46-5qbw","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38576","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"f0ffb775febdf07e57117aabadac96fa37857f50","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8q8-sb46-5qbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56710?format=json","vulnerability_id":"VCID-kkdk-k66f-hqcr","summary":"symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66479","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50342"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50342"},{"reference_url":"https://symfony.com/cve-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50342"},{"reference_url":"https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b","reference_id":"296d4b34a33b1a6ca5475c6040b3203622520f5b","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/"}],"url":"https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm","reference_id":"GHSA-9c3x-r3wp-mgxm","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104886?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104887?format=json","purl":"pkg:deb/debian/symfony@6.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.15%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-50342","GHSA-9c3x-r3wp-mgxm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkdk-k66f-hqcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205489?format=json","vulnerability_id":"VCID-kw1p-tyh7-qfb7","summary":"RCE in Symfony","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15094","reference_id":"","reference_type":"","scores":[{"value":"0.02248","scoring_system":"epss","scoring_elements":"0.8494","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15094"},{"reference_url":"https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"},{"reference_url":"https://packagist.org/packages/symfony/http-kernel","reference_id":"","reference_type":"","scores":[],"url":"https://packagist.org/packages/symfony/http-kernel"},{"reference_url":"https://packagist.org/packages/symfony/symfony","reference_id":"","reference_type":"","scores":[],"url":"https://packagist.org/packages/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15094","reference_id":"CVE-2020-15094","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15094"},{"reference_url":"https://symfony.com/cve-2020-15094","reference_id":"CVE-2020-15094","reference_type":"","scores":[],"url":"https://symfony.com/cve-2020-15094"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2020-15094.yaml","reference_id":"CVE-2020-15094.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2020-15094.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-15094.yaml","reference_id":"CVE-2020-15094.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-15094.yaml"},{"reference_url":"https://github.com/advisories/GHSA-754h-5r27-7x3r","reference_id":"GHSA-754h-5r27-7x3r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-754h-5r27-7x3r"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r","reference_id":"GHSA-754h-5r27-7x3r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104871?format=json","purl":"pkg:deb/debian/symfony@4.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-15094","GHSA-754h-5r27-7x3r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kw1p-tyh7-qfb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56967?format=json","vulnerability_id":"VCID-mmwy-6jga-u7fb","summary":"symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to  unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the `Security::login` method now ensure to call the configured `user_checker`. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34702","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50341"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2024-50341.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2024-50341.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50341.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50341.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50341"},{"reference_url":"https://symfony.com/cve-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50341"},{"reference_url":"https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105","reference_id":"22a0789a0085c3ee96f4ef715ecad8255cf0e105","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:59Z/"}],"url":"https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v","reference_id":"GHSA-jxgr-3v7q-3w9v","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:59Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104885?format=json","purl":"pkg:deb/debian/symfony@6.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-50341","GHSA-jxgr-3v7q-3w9v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mmwy-6jga-u7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206150?format=json","vulnerability_id":"VCID-n17z-j2b9-fub1","summary":"An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14774","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37407","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14774"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104867?format=json","purl":"pkg:deb/debian/symfony@3.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-14774"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n17z-j2b9-fub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132549?format=json","vulnerability_id":"VCID-ndbs-kz4k-duby","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn't return any user-submitted input in its response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46735","reference_id":"","reference_type":"","scores":[{"value":"0.03113","scoring_system":"epss","scoring_elements":"0.8712","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46735"},{"reference_url":"https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962","reference_id":"8128c302430394f639e818a7103b3f6815d8d962","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:14:14Z/"}],"url":"https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr","reference_id":"GHSA-72x2-5c85-6wmr","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:14:14Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2023-46735"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndbs-kz4k-duby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204623?format=json","vulnerability_id":"VCID-nj9d-2wqw-7khe","summary":"Firewall configured with unanimous strategy was not actually unanimous in Symfony","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5275","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51047","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5275"},{"reference_url":"https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415","reference_id":"961415","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5275","reference_id":"CVE-2020-5275","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5275"},{"reference_url":"https://symfony.com/cve-2020-5275","reference_id":"CVE-2020-5275","reference_type":"","scores":[],"url":"https://symfony.com/cve-2020-5275"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2020-5275.yaml","reference_id":"CVE-2020-5275.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2020-5275.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2020-5275.yaml","reference_id":"CVE-2020-5275.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2020-5275.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5275.yaml","reference_id":"CVE-2020-5275.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5275.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g4m9-5hpf-hx72","reference_id":"GHSA-g4m9-5hpf-hx72","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4m9-5hpf-hx72"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72","reference_id":"GHSA-g4m9-5hpf-hx72","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104872?format=json","purl":"pkg:deb/debian/symfony@4.4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-5275","GHSA-g4m9-5hpf-hx72"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nj9d-2wqw-7khe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211555?format=json","vulnerability_id":"VCID-nn8d-7fuj-hbdc","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45070","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45070"},{"reference_url":"https://symfony.com/cve-2026-45070","reference_id":"CVE-2026-45070","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45070"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2026-45070.yaml","reference_id":"CVE-2026-45070.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2026-45070.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45070.yaml","reference_id":"CVE-2026-45070.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45070.yaml"},{"reference_url":"https://github.com/advisories/GHSA-vqc8-7275-q272","reference_id":"GHSA-vqc8-7275-q272","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqc8-7275-q272"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vqc8-7275-q272","reference_id":"GHSA-vqc8-7275-q272","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vqc8-7275-q272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45070","GHSA-vqc8-7275-q272"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nn8d-7fuj-hbdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205039?format=json","vulnerability_id":"VCID-pdsg-euaa-jkbk","summary":"The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6662","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104865?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-18343"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdsg-euaa-jkbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213068?format=json","vulnerability_id":"VCID-q4d5-c3v6-kuec","summary":"Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS","references":[{"reference_url":"https://github.com/symfony/symfony/commit/1ac2d47418ec23066112db1e6ca35be6fe123d14","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/1ac2d47418ec23066112db1e6ca35be6fe123d14"},{"reference_url":"https://symfony.com/cve-2026-45756","reference_id":"CVE-2026-45756","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45756"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/json-path/CVE-2026-45756.yaml","reference_id":"CVE-2026-45756.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/json-path/CVE-2026-45756.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45756.yaml","reference_id":"CVE-2026-45756.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45756.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8v8v-g73j-492j","reference_id":"GHSA-8v8v-g73j-492j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8v8v-g73j-492j"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-8v8v-g73j-492j","reference_id":"GHSA-8v8v-g73j-492j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-8v8v-g73j-492j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45756","GHSA-8v8v-g73j-492j"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4d5-c3v6-kuec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124307?format=json","vulnerability_id":"VCID-qbb4-atrw-6qgz","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2403","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3586","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104864?format=json","purl":"pkg:deb/debian/symfony@2.8.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.8.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-2403"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbb4-atrw-6qgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204320?format=json","vulnerability_id":"VCID-qw3t-3tjv-7qdy","summary":"User enumeration leak using switch user functionality in Symfony","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18886","reference_id":"","reference_type":"","scores":[{"value":"0.01546","scoring_system":"epss","scoring_elements":"0.81803","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18886"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18886","reference_id":"CVE-2019-18886","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18886"},{"reference_url":"https://symfony.com/cve-2019-18886","reference_id":"CVE-2019-18886","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-18886"},{"reference_url":"https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality","reference_id":"CVE-2019-18886-PREVENT-USER-ENUMERATION-USING-SWITCH-USER-FUNCTIONALITY","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-18886.yaml","reference_id":"CVE-2019-18886.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-18886.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18886.yaml","reference_id":"CVE-2019-18886.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18886.yaml"},{"reference_url":"https://github.com/advisories/GHSA-4vpc-5jx4-cfqg","reference_id":"GHSA-4vpc-5jx4-cfqg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vpc-5jx4-cfqg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104870?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-18886","GHSA-4vpc-5jx4-cfqg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qw3t-3tjv-7qdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219122?format=json","vulnerability_id":"VCID-qwpt-wwq8-9bc2","summary":"Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.5827","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11365"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-11365"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwpt-wwq8-9bc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205901?format=json","vulnerability_id":"VCID-rjae-syue-pqh6","summary":"Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the \"file\" parameter, aka an _profiler/open?file= URI.  NOTE: The vendor states \"The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12040","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52487","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12040"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104866?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-12040"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjae-syue-pqh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177860?format=json","vulnerability_id":"VCID-rp8k-1gkg-syfa","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85117","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104870?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp8k-1gkg-syfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185654?format=json","vulnerability_id":"VCID-snxx-cs59-7qgv","summary":"Multiple vulnerabilities in Asterisk might allow remote attackers to cause\n    a Denial of Service condition, or conduct other attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7220","reference_id":"","reference_type":"","scores":[{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93227","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=523277","reference_id":"523277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=523277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220","reference_id":"555220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221","reference_id":"555221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242","reference_id":"555242","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244","reference_id":"555244","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250","reference_id":"555250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255","reference_id":"555255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259","reference_id":"555259","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266","reference_id":"555266","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977","reference_id":"558977","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977"},{"reference_url":"https://security.gentoo.org/glsa/201006-20","reference_id":"GLSA-201006-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104854?format=json","purl":"pkg:deb/debian/symfony@1.0.21-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@1.0.21-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2008-7220"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snxx-cs59-7qgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204313?format=json","vulnerability_id":"VCID-sqhp-d28s-hbgb","summary":"Symfony Unsafe Cache Serialization Could Enable RCE","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18889","reference_id":"","reference_type":"","scores":[{"value":"0.05134","scoring_system":"epss","scoring_elements":"0.90078","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18889","reference_id":"CVE-2019-18889","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18889"},{"reference_url":"https://symfony.com/cve-2019-18889","reference_id":"CVE-2019-18889","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-18889"},{"reference_url":"https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances","reference_id":"CVE-2019-18889-FORBID-SERIALIZING-ABSTRACTADAPTER-AND-TAGAWAREADAPTER-INSTANCES","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml","reference_id":"CVE-2019-18889.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml","reference_id":"CVE-2019-18889.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml"},{"reference_url":"https://github.com/advisories/GHSA-79gr-58r3-pwm3","reference_id":"GHSA-79gr-58r3-pwm3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-79gr-58r3-pwm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104870?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-18889","GHSA-79gr-58r3-pwm3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqhp-d28s-hbgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175227?format=json","vulnerability_id":"VCID-t9v8-mwys-pba3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50938","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911"},{"reference_url":"https://symfony.com/cve-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10911"},{"reference_url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash","reference_id":"CVE-2019-10911-ADD-A-SEPARATOR-IN-THE-REMEMBER-ME-COOKIE-HASH","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr","reference_id":"GHSA-cchx-mfrc-fwqr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104869?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-10911","GHSA-cchx-mfrc-fwqr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9v8-mwys-pba3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205846?format=json","vulnerability_id":"VCID-tzdw-gzb2-kbd7","summary":"The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container.  NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.5433","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104866?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-11408"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzdw-gzb2-kbd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35241?format=json","vulnerability_id":"VCID-ugbv-tv7h-vqhx","summary":"Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25235","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51996"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51996"},{"reference_url":"https://symfony.com/cve-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51996"},{"reference_url":"https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a","reference_id":"81354d392c5f0b7a52bcbd729d6f82501e94135a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/"}],"url":"https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr","reference_id":"GHSA-cg23-qf8f-62rr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104890?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104887?format=json","purl":"pkg:deb/debian/symfony@6.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.15%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-51996","GHSA-cg23-qf8f-62rr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugbv-tv7h-vqhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56817?format=json","vulnerability_id":"VCID-upms-wc51-gkhg","summary":"symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"0.86622","scoring_system":"epss","scoring_elements":"0.9944","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50340"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50340"},{"reference_url":"https://symfony.com/cve-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50340"},{"reference_url":"https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa","reference_id":"a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/"}],"url":"https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j","reference_id":"GHSA-x8vp-gf4q-mw5j","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104883?format=json","purl":"pkg:deb/debian/symfony@6.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2024-50340","GHSA-x8vp-gf4q-mw5j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upms-wc51-gkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204473?format=json","vulnerability_id":"VCID-uys7-kpcx-f3ec","summary":"Improper Input Validation in Symfony","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11325","reference_id":"","reference_type":"","scores":[{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89584","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11325"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11325","reference_id":"CVE-2019-11325","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11325"},{"reference_url":"https://symfony.com/cve-2019-11325","reference_id":"CVE-2019-11325","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-11325"},{"reference_url":"https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter","reference_id":"CVE-2019-11325-FIX-ESCAPING-OF-STRINGS-IN-VAREXPORTER","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml","reference_id":"CVE-2019-11325.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml","reference_id":"CVE-2019-11325.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w4rc-rx25-8m86","reference_id":"GHSA-w4rc-rx25-8m86","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w4rc-rx25-8m86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104870?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-11325","GHSA-w4rc-rx25-8m86"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uys7-kpcx-f3ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211550?format=json","vulnerability_id":"VCID-v6ps-emz1-dyf7","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45063","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45063"},{"reference_url":"https://github.com/symfony/symfony/commit/ccb3f724c7ff55670a6fe3521c7bf1514cceb478","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/ccb3f724c7ff55670a6fe3521c7bf1514cceb478"},{"reference_url":"https://symfony.com/cve-2026-45063","reference_id":"CVE-2026-45063","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45063"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45063.yaml","reference_id":"CVE-2026-45063.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45063.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45063.yaml","reference_id":"CVE-2026-45063.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45063.yaml"},{"reference_url":"https://github.com/advisories/GHSA-ph86-p8f6-f9r2","reference_id":"GHSA-ph86-p8f6-f9r2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ph86-p8f6-f9r2"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-ph86-p8f6-f9r2","reference_id":"GHSA-ph86-p8f6-f9r2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-ph86-p8f6-f9r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45063","GHSA-ph86-p8f6-f9r2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ps-emz1-dyf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175225?format=json","vulnerability_id":"VCID-vc7s-6p62-bfaw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2"},{"reference_url":"https://www.drupal.org/sa-core-2019-005","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909"},{"reference_url":"https://symfony.com/cve-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10909"},{"reference_url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine","reference_id":"CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2","reference_id":"GHSA-g996-q5r8-w7g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104869?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2019-10909","GHSA-g996-q5r8-w7g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vc7s-6p62-bfaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211557?format=json","vulnerability_id":"VCID-vvhq-xt12-nbez","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45073"},{"reference_url":"https://github.com/symfony/symfony/commit/ec50b799d79ebe24561f29351c1efcb6da95c9b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/ec50b799d79ebe24561f29351c1efcb6da95c9b"},{"reference_url":"https://symfony.com/cve-2026-45073","reference_id":"CVE-2026-45073","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45073"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2026-45073.yaml","reference_id":"CVE-2026-45073.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2026-45073.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45073.yaml","reference_id":"CVE-2026-45073.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45073.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6qh9-h6wf-jgqc","reference_id":"GHSA-6qh9-h6wf-jgqc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qh9-h6wf-jgqc"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-6qh9-h6wf-jgqc","reference_id":"GHSA-6qh9-h6wf-jgqc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-6qh9-h6wf-jgqc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45073","GHSA-6qh9-h6wf-jgqc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvhq-xt12-nbez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213066?format=json","vulnerability_id":"VCID-vzq4-84yw-dufj","summary":"Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection","references":[{"reference_url":"https://github.com/symfony/symfony/commit/4aaa45dd054f73445f1ab254968b7e60b546cc77","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/4aaa45dd054f73445f1ab254968b7e60b546cc77"},{"reference_url":"https://symfony.com/cve-2026-45754","reference_id":"CVE-2026-45754","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45754"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/lox24-notifier/CVE-2026-45754.yaml","reference_id":"CVE-2026-45754.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/lox24-notifier/CVE-2026-45754.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailjet-mailer/CVE-2026-45754.yaml","reference_id":"CVE-2026-45754.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailjet-mailer/CVE-2026-45754.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45754.yaml","reference_id":"CVE-2026-45754.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45754.yaml"},{"reference_url":"https://github.com/advisories/GHSA-64hg-93w9-fc35","reference_id":"GHSA-64hg-93w9-fc35","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64hg-93w9-fc35"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-64hg-93w9-fc35","reference_id":"GHSA-64hg-93w9-fc35","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-64hg-93w9-fc35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45754","GHSA-64hg-93w9-fc35"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzq4-84yw-dufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213056?format=json","vulnerability_id":"VCID-wj5x-xmsj-k7c8","summary":"Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay","references":[{"reference_url":"https://github.com/symfony/symfony/commit/5ba145dba702404801bdf9e7e8d6df170060d541","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/5ba145dba702404801bdf9e7e8d6df170060d541"},{"reference_url":"https://symfony.com/cve-2026-45074","reference_id":"CVE-2026-45074","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45074"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45074.yaml","reference_id":"CVE-2026-45074.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45074.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45074.yaml","reference_id":"CVE-2026-45074.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45074.yaml"},{"reference_url":"https://github.com/advisories/GHSA-j8gj-9rm5-4xhx","reference_id":"GHSA-j8gj-9rm5-4xhx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j8gj-9rm5-4xhx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-j8gj-9rm5-4xhx","reference_id":"GHSA-j8gj-9rm5-4xhx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-j8gj-9rm5-4xhx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45074","GHSA-j8gj-9rm5-4xhx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wj5x-xmsj-k7c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182746?format=json","vulnerability_id":"VCID-ww4c-2uy7-bfe1","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.81116","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104864?format=json","purl":"pkg:deb/debian/symfony@2.8.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.8.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-4423"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww4c-2uy7-bfe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211618?format=json","vulnerability_id":"VCID-xu6g-xjg8-67ew","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48784"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104882?format=json","purl":"pkg:deb/debian/symfony@5.4.53%2Bdfsg-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.53%252Bdfsg-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-48784"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xu6g-xjg8-67ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124311?format=json","vulnerability_id":"VCID-xvfe-m9hv-7yfh","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16653","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55933","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e"},{"reference_url":"https://github.com/symfony/symfony/pull/24992","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/24992"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653"},{"reference_url":"https://symfony.com/cve-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[],"url":"https://symfony.com/cve-2017-16653"},{"reference_url":"https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https","reference_id":"CVE-2017-16653-CSRF-PROTECTION-DOES-NOT-USE-DIFFERENT-TOKENS-FOR-HTTP-AND-HTTPS","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/advisories/GHSA-92x6-h2gr-8gxq","reference_id":"GHSA-92x6-h2gr-8gxq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92x6-h2gr-8gxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104865?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-16653","GHSA-92x6-h2gr-8gxq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvfe-m9hv-7yfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219126?format=json","vulnerability_id":"VCID-ycpt-t233-k3cf","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-48761"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ycpt-t233-k3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124317?format=json","vulnerability_id":"VCID-yf6v-q6j4-eubb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76167","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104866?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2018-11385"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yf6v-q6j4-eubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203857?format=json","vulnerability_id":"VCID-yu7n-cv95-abc7","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309"},{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"CVE-2015-2309","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j","reference_id":"GHSA-p684-f7fh-jv2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104860?format=json","purl":"pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.3.21%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu7n-cv95-abc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213055?format=json","vulnerability_id":"VCID-ywh9-pmkz-nka5","summary":"Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering","references":[{"reference_url":"https://github.com/symfony/symfony/commit/863aa81c61166f1aa74b7732df316f76113acbdb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/863aa81c61166f1aa74b7732df316f76113acbdb"},{"reference_url":"https://symfony.com/cve-2026-45072","reference_id":"CVE-2026-45072","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45072"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45072.yaml","reference_id":"CVE-2026-45072.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45072.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twig-bridge/CVE-2026-45072.yaml","reference_id":"CVE-2026-45072.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twig-bridge/CVE-2026-45072.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2026-45072.yaml","reference_id":"CVE-2026-45072.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2026-45072.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hmr5-2xcr-v8pp","reference_id":"GHSA-hmr5-2xcr-v8pp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmr5-2xcr-v8pp"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-hmr5-2xcr-v8pp","reference_id":"GHSA-hmr5-2xcr-v8pp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-hmr5-2xcr-v8pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104884?format=json","purl":"pkg:deb/debian/symfony@6.4.41%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.41%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104892?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-45072","GHSA-hmr5-2xcr-v8pp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywh9-pmkz-nka5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82620?format=json","vulnerability_id":"VCID-yz7h-r417-zuds","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mis-handle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. If an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive. The issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration). Versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contains a patch for the issue. Some workarounds are available. Avoid running PHP/one's own tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables. Avoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2. Where applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01635","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739"},{"reference_url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3","reference_id":"35203939050e5abd3caf2202113b00cab5d379b3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3"},{"reference_url":"https://github.com/symfony/symfony/issues/62921","reference_id":"62921","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/issues/62921"},{"reference_url":"https://github.com/symfony/symfony/pull/63164","reference_id":"63164","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/pull/63164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739","reference_id":"CVE-2026-24739","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739"},{"reference_url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b","reference_id":"ec154f6f95f8c60f831998ec4d246a857e9d179b","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b"},{"reference_url":"https://github.com/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39x-jcww-82v6"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104859?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104855?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pc9-4jbr-3fhc"},{"vulnerability":"VCID-35re-tren-cugq"},{"vulnerability":"VCID-3vye-18hy-g3fe"},{"vulnerability":"VCID-478d-h11p-3ug2"},{"vulnerability":"VCID-6juv-bmep-e7ap"},{"vulnerability":"VCID-8knv-mxc6-fqgd"},{"vulnerability":"VCID-9cy2-jqaz-fyh3"},{"vulnerability":"VCID-bufg-g7uk-73fg"},{"vulnerability":"VCID-cgmu-1un1-mbb5"},{"vulnerability":"VCID-erkb-sxtf-nkg2"},{"vulnerability":"VCID-hssw-scdz-ryd6"},{"vulnerability":"VCID-hv18-15ee-2yf1"},{"vulnerability":"VCID-k1ya-kxak-9qf8"},{"vulnerability":"VCID-nn8d-7fuj-hbdc"},{"vulnerability":"VCID-v6ps-emz1-dyf7"},{"vulnerability":"VCID-vvhq-xt12-nbez"},{"vulnerability":"VCID-xu6g-xjg8-67ew"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-24739","GHSA-r39x-jcww-82v6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yz7h-r417-zuds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90445?format=json","vulnerability_id":"VCID-zws9-ffpd-5ffw","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. Starting in versions 5.4.50, 6.4.29, and 7.3.7, the `Request` class now ensures that URL paths always start with a `/`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500","reference_id":"","reference_type":"","scores":[{"value":"0.06307","scoring_system":"epss","scoring_elements":"0.91154","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500"},{"reference_url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac","reference_id":"9962b91b12bb791322fa73836b350836b6db7cac","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500","reference_id":"CVE-2025-64500","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500"},{"reference_url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass","reference_id":"cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.yaml","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.yaml","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104853?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104858?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-erkb-sxtf-nkg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104891?format=json","purl":"pkg:deb/debian/symfony@7.4.0~rc1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.0~rc1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104856?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104857?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-64500","GHSA-3rg7-wf37-54rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zws9-ffpd-5ffw"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"}