{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"symfony","version":"7.4.13+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10776?format=json","vulnerability_id":"VCID-1s54-qwaj-dbg5","summary":"Information Exposure Through Timing Discrepancy\nSymfony allows remote attackers to have unspecified impact via a timing attack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.7737","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/16630","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/16630"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8125"},{"reference_url":"https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service"},{"reference_url":"https://web.archive.org/web/20200228050051/http://www.securityfocus.com/bid/77692","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228050051/http://www.securityfocus.com/bid/77692"},{"reference_url":"http://www.debian.org/security/2015/dsa-3402","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3402"},{"reference_url":"http://www.securityfocus.com/bid/77692","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/77692"},{"reference_url":"https://symfony.com/cve-2015-8125","reference_id":"CVE-2015-8125","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-8125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208558?format=json","purl":"pkg:deb/debian/symfony@2.7.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.7.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8125","GHSA-g97c-jfx6-xvxh"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1s54-qwaj-dbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/164926?format=json","vulnerability_id":"VCID-2a1d-skf4-n7hh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5274","reference_id":"","reference_type":"","scores":[{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50375","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5274"},{"reference_url":"https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db"},{"reference_url":"https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415","reference_id":"961415","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5274","reference_id":"CVE-2020-5274","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5274"},{"reference_url":"https://symfony.com/cve-2020-5274","reference_id":"CVE-2020-5274","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2020-5274"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/error-handler/CVE-2020-5274.yaml","reference_id":"CVE-2020-5274.YAML","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/error-handler/CVE-2020-5274.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5274.yaml","reference_id":"CVE-2020-5274.YAML","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5274.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m884-279h-32v2","reference_id":"GHSA-m884-279h-32v2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m884-279h-32v2"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2","reference_id":"GHSA-m884-279h-32v2","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208575?format=json","purl":"pkg:deb/debian/symfony@4.4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-5274","GHSA-m884-279h-32v2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a1d-skf4-n7hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14844?format=json","vulnerability_id":"VCID-2fjn-22pk-p7fx","summary":"Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38505","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fjn-22pk-p7fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14379?format=json","vulnerability_id":"VCID-2m2u-gjzs-cbbk","summary":"Improper Neutralization of Formula Elements in a CSV File\n`Symfony/Serializer` handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony is vulnerable to CSV injection, also known as formula injection. In Symfony, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\\t`. Since then, OWASP added 2 chars in that list, Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41270","reference_id":"","reference_type":"","scores":[{"value":"0.00871","scoring_system":"epss","scoring_elements":"0.75526","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41270"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8"},{"reference_url":"https://github.com/symfony/symfony/pull/44243","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/44243"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v5.3.12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v5.3.12"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41270","reference_id":"CVE-2021-41270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41270"},{"reference_url":"https://symfony.com/cve-2021-41270","reference_id":"CVE-2021-41270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-41270"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml","reference_id":"CVE-2021-41270.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml","reference_id":"CVE-2021-41270.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2xhg-w2g5-w95x","reference_id":"GHSA-2xhg-w2g5-w95x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xhg-w2g5-w95x"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x","reference_id":"GHSA-2xhg-w2g5-w95x","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x"},{"reference_url":"https://usn.ubuntu.com/USN-5290-1/","reference_id":"USN-USN-5290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208583?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208582?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41270","GHSA-2xhg-w2g5-w95x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m2u-gjzs-cbbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341409?format=json","vulnerability_id":"VCID-31pu-2pt7-2fh2","summary":"Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/ccb3f724c7ff55670a6fe3521c7bf1514cceb478","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ccb3f724c7ff55670a6fe3521c7bf1514cceb478"},{"reference_url":"https://symfony.com/cve-2026-45063","reference_id":"CVE-2026-45063","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45063"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45063.yaml","reference_id":"CVE-2026-45063.YAML","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45063.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45063.yaml","reference_id":"CVE-2026-45063.YAML","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45063.yaml"},{"reference_url":"https://github.com/advisories/GHSA-ph86-p8f6-f9r2","reference_id":"GHSA-ph86-p8f6-f9r2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ph86-p8f6-f9r2"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-ph86-p8f6-f9r2","reference_id":"GHSA-ph86-p8f6-f9r2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-ph86-p8f6-f9r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45063","GHSA-ph86-p8f6-f9r2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31pu-2pt7-2fh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341424?format=json","vulnerability_id":"VCID-3rs1-f6qt-vqbn","summary":"Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/6b717aaac21b7e96798448d14c4355ea87690b3d","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6b717aaac21b7e96798448d14c4355ea87690b3d"},{"reference_url":"https://symfony.com/cve-2026-45069","reference_id":"CVE-2026-45069","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45069"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45069.yaml","reference_id":"CVE-2026-45069.YAML","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45069.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45069.yaml","reference_id":"CVE-2026-45069.YAML","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45069.yaml"},{"reference_url":"https://github.com/advisories/GHSA-29fc-p6c4-24cg","reference_id":"GHSA-29fc-p6c4-24cg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29fc-p6c4-24cg"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-29fc-p6c4-24cg","reference_id":"GHSA-29fc-p6c4-24cg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-29fc-p6c4-24cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45069","GHSA-29fc-p6c4-24cg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rs1-f6qt-vqbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47956?format=json","vulnerability_id":"VCID-4893-7n32-yybr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2383","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49726","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2383"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220","reference_id":"555220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221","reference_id":"555221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250","reference_id":"555250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255","reference_id":"555255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977","reference_id":"558977","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208547?format=json","purl":"pkg:deb/debian/symfony@1.0.21-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@1.0.21-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2007-2383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4893-7n32-yybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58916?format=json","vulnerability_id":"VCID-48h3-gt91-1ycz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7220","reference_id":"","reference_type":"","scores":[{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93188","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220","reference_id":"555220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221","reference_id":"555221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242","reference_id":"555242","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244","reference_id":"555244","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250","reference_id":"555250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255","reference_id":"555255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259","reference_id":"555259","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266","reference_id":"555266","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977","reference_id":"558977","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977"},{"reference_url":"https://security.gentoo.org/glsa/201006-20","reference_id":"GLSA-201006-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208547?format=json","purl":"pkg:deb/debian/symfony@1.0.21-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@1.0.21-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2008-7220"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48h3-gt91-1ycz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341493?format=json","vulnerability_id":"VCID-4e6m-3qj2-67ag","summary":"Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/8545fb2af6c07dfb5ef0fc8d9bccf86db2c94356","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/8545fb2af6c07dfb5ef0fc8d9bccf86db2c94356"},{"reference_url":"https://symfony.com/cve-2026-47212","reference_id":"CVE-2026-47212","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-47212"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-47212.yaml","reference_id":"CVE-2026-47212.YAML","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-47212.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twilio-notifier/CVE-2026-47212.yaml","reference_id":"CVE-2026-47212.YAML","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twilio-notifier/CVE-2026-47212.yaml"},{"reference_url":"https://github.com/advisories/GHSA-55rj-x2vc-4whq","reference_id":"GHSA-55rj-x2vc-4whq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-55rj-x2vc-4whq"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-55rj-x2vc-4whq","reference_id":"GHSA-55rj-x2vc-4whq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-55rj-x2vc-4whq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-47212","GHSA-55rj-x2vc-4whq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4e6m-3qj2-67ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341420?format=json","vulnerability_id":"VCID-4ufx-41vp-ducg","summary":"Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/743a435e948b897ef2b5564ac438d4beb95d2526","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/743a435e948b897ef2b5564ac438d4beb95d2526"},{"reference_url":"https://symfony.com/cve-2026-45064","reference_id":"CVE-2026-45064","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45064"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45064.yaml","reference_id":"CVE-2026-45064.YAML","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45064.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45064.yaml","reference_id":"CVE-2026-45064.YAML","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45064.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h5vq-qfcg-4m6p","reference_id":"GHSA-h5vq-qfcg-4m6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h5vq-qfcg-4m6p"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h5vq-qfcg-4m6p","reference_id":"GHSA-h5vq-qfcg-4m6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h5vq-qfcg-4m6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45064","GHSA-h5vq-qfcg-4m6p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ufx-41vp-ducg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341442?format=json","vulnerability_id":"VCID-5113-3b42-j3eh","summary":"Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/26a598fcfc4f903cc55ff202f642ee621839825e","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/26a598fcfc4f903cc55ff202f642ee621839825e"},{"reference_url":"https://symfony.com/cve-2026-45753","reference_id":"CVE-2026-45753","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45753"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45753.yaml","reference_id":"CVE-2026-45753.YAML","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45753.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45753.yaml","reference_id":"CVE-2026-45753.YAML","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45753.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hhg7-c65m-h7ff","reference_id":"GHSA-hhg7-c65m-h7ff","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhg7-c65m-h7ff"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-hhg7-c65m-h7ff","reference_id":"GHSA-hhg7-c65m-h7ff","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-hhg7-c65m-h7ff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45753","GHSA-hhg7-c65m-h7ff"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5113-3b42-j3eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13601?format=json","vulnerability_id":"VCID-59sy-m44r-h3gn","summary":"SQL Injection\nIn Symfony HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49262","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913"},{"reference_url":"https://symfony.com/cve-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10913"},{"reference_url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides","reference_id":"CVE-2019-10913-REJECT-INVALID-HTTP-METHOD-OVERRIDES","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7","reference_id":"GHSA-x92h-wmg2-6hp7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208568?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-10913","GHSA-x92h-wmg2-6hp7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59sy-m44r-h3gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341427?format=json","vulnerability_id":"VCID-5qmw-a84t-dfge","summary":"Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/863aa81c61166f1aa74b7732df316f76113acbdb","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/863aa81c61166f1aa74b7732df316f76113acbdb"},{"reference_url":"https://symfony.com/cve-2026-45072","reference_id":"CVE-2026-45072","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45072"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45072.yaml","reference_id":"CVE-2026-45072.YAML","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45072.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twig-bridge/CVE-2026-45072.yaml","reference_id":"CVE-2026-45072.YAML","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/twig-bridge/CVE-2026-45072.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2026-45072.yaml","reference_id":"CVE-2026-45072.YAML","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2026-45072.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hmr5-2xcr-v8pp","reference_id":"GHSA-hmr5-2xcr-v8pp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmr5-2xcr-v8pp"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-hmr5-2xcr-v8pp","reference_id":"GHSA-hmr5-2xcr-v8pp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-hmr5-2xcr-v8pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45072","GHSA-hmr5-2xcr-v8pp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qmw-a84t-dfge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13603?format=json","vulnerability_id":"VCID-5txj-xsnq-ducf","summary":"Cross-site Scripting\nIn Symfony, validation messages are not escaped, which can lead to XSS when user input is included.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58042","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909"},{"reference_url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2"},{"reference_url":"https://www.drupal.org/sa-core-2019-005","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-005"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909"},{"reference_url":"https://symfony.com/cve-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10909"},{"reference_url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine","reference_id":"CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2","reference_id":"GHSA-g996-q5r8-w7g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208568?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-10909","GHSA-g996-q5r8-w7g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5txj-xsnq-ducf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341429?format=json","vulnerability_id":"VCID-5uge-2gtu-tkdw","summary":"Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5ba145dba702404801bdf9e7e8d6df170060d541","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/5ba145dba702404801bdf9e7e8d6df170060d541"},{"reference_url":"https://symfony.com/cve-2026-45074","reference_id":"CVE-2026-45074","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45074"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45074.yaml","reference_id":"CVE-2026-45074.YAML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45074.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45074.yaml","reference_id":"CVE-2026-45074.YAML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45074.yaml"},{"reference_url":"https://github.com/advisories/GHSA-j8gj-9rm5-4xhx","reference_id":"GHSA-j8gj-9rm5-4xhx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j8gj-9rm5-4xhx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-j8gj-9rm5-4xhx","reference_id":"GHSA-j8gj-9rm5-4xhx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-j8gj-9rm5-4xhx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45074","GHSA-j8gj-9rm5-4xhx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5uge-2gtu-tkdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12814?format=json","vulnerability_id":"VCID-6bdp-9ng3-uyb1","summary":"Cross-site Scripting\nThe debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66483","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343","reference_id":"CVE-2017-18343","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208563?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-18343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bdp-9ng3-uyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268522?format=json","vulnerability_id":"VCID-6kq8-5k4z-27f2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60588","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345"},{"reference_url":"https://symfony.com/cve-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50345"},{"reference_url":"https://url.spec.whatwg.org","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://url.spec.whatwg.org"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208600?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208594?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208596?format=json","purl":"pkg:deb/debian/symfony@6.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50345","GHSA-mrqx-rp3w-jpjp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6kq8-5k4z-27f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12688?format=json","vulnerability_id":"VCID-7cdk-bmdh-2fde","summary":"Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3992","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406"},{"reference_url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"CVE-2018-11406","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208564?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-11406","GHSA-g4g7-q726-v5hg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cdk-bmdh-2fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16774?format=json","vulnerability_id":"VCID-7pwc-t6vf-eyax","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39605","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894"},{"reference_url":"https://symfony.com/cve-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24894"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208586?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208585?format=json","purl":"pkg:deb/debian/symfony@5.4.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-24894","GHSA-h7vf-5wrv-9fhv","GMS-2023-209","GMS-2023-212"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pwc-t6vf-eyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12692?format=json","vulnerability_id":"VCID-8627-nvyk-w7fu","summary":"URL Redirection to Untrusted Site (Open Redirect)\nThe security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54181","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11408"},{"reference_url":"https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers"},{"reference_url":"https://symfony.com/cve-2018-11408","reference_id":"CVE-2018-11408","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208564?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-11408","GHSA-7hwc-2cq4-6x2w"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8627-nvyk-w7fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341443?format=json","vulnerability_id":"VCID-8akz-87u4-7uh9","summary":"Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/4aaa45dd054f73445f1ab254968b7e60b546cc77","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/4aaa45dd054f73445f1ab254968b7e60b546cc77"},{"reference_url":"https://symfony.com/cve-2026-45754","reference_id":"CVE-2026-45754","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45754"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/lox24-notifier/CVE-2026-45754.yaml","reference_id":"CVE-2026-45754.YAML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/lox24-notifier/CVE-2026-45754.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailjet-mailer/CVE-2026-45754.yaml","reference_id":"CVE-2026-45754.YAML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailjet-mailer/CVE-2026-45754.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45754.yaml","reference_id":"CVE-2026-45754.YAML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45754.yaml"},{"reference_url":"https://github.com/advisories/GHSA-64hg-93w9-fc35","reference_id":"GHSA-64hg-93w9-fc35","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64hg-93w9-fc35"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-64hg-93w9-fc35","reference_id":"GHSA-64hg-93w9-fc35","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-64hg-93w9-fc35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45754","GHSA-64hg-93w9-fc35"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8akz-87u4-7uh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341421?format=json","vulnerability_id":"VCID-8vur-b48u-pqeu","summary":"Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://symfony.com/cve-2026-45066","reference_id":"CVE-2026-45066","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45066"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45066.yaml","reference_id":"CVE-2026-45066.YAML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/html-sanitizer/CVE-2026-45066.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45066.yaml","reference_id":"CVE-2026-45066.YAML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45066.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qc95-4862-92fh","reference_id":"GHSA-qc95-4862-92fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc95-4862-92fh"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qc95-4862-92fh","reference_id":"GHSA-qc95-4862-92fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qc95-4862-92fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45066","GHSA-qc95-4862-92fh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vur-b48u-pqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171006?format=json","vulnerability_id":"VCID-8y4h-6hx7-v3h5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21424","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56786","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21424"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21424","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21424"},{"reference_url":"https://symfony.com/cve-2021-21424","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-21424"},{"reference_url":"https://usn.ubuntu.com/USN-5290-1/","reference_id":"USN-USN-5290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208577?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-21424","GHSA-5pv8-ppvj-4h68"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8y4h-6hx7-v3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348213?format=json","vulnerability_id":"VCID-926t-a38r-17dd","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-48747"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-926t-a38r-17dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14378?format=json","vulnerability_id":"VCID-93v3-vzkx-xqba","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\n`Symfony/Http-Kernel` is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the `trusted_headers` allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the `trusted_headers` allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41267","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64475","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41267"},{"reference_url":"https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487"},{"reference_url":"https://github.com/symfony/symfony/pull/44243","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/44243"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v5.3.12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v5.3.12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41267","reference_id":"CVE-2021-41267","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41267"},{"reference_url":"https://symfony.com/cve-2021-41267","reference_id":"CVE-2021-41267","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-41267"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml","reference_id":"CVE-2021-41267.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml","reference_id":"CVE-2021-41267.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q3j3-w37x-hq2q","reference_id":"GHSA-q3j3-w37x-hq2q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3j3-w37x-hq2q"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q","reference_id":"GHSA-q3j3-w37x-hq2q","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41267","GHSA-q3j3-w37x-hq2q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93v3-vzkx-xqba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348216?format=json","vulnerability_id":"VCID-9cfq-wdcw-13f8","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-48784"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cfq-wdcw-13f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/269375?format=json","vulnerability_id":"VCID-9mbr-qumx-8yhz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74047","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736"},{"reference_url":"https://symfony.com/cve-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-51736","GHSA-qq5c-677p-737q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mbr-qumx-8yhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13166?format=json","vulnerability_id":"VCID-a9gt-63v3-vbdf","summary":"Unrestricted Upload of File with Dangerous Type\nWhen using the scalar type hint `string` in a setter method (e.g. `setName(string$name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75497","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19789"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path"},{"reference_url":"https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://symfony.com/cve-2018-19789","reference_id":"CVE-2018-19789","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-19789"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208567?format=json","purl":"pkg:deb/debian/symfony@3.4.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-19789","GHSA-x3cf-w64x-4cp2"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9gt-63v3-vbdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341425?format=json","vulnerability_id":"VCID-brbn-9szp-2ubx","summary":"Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://symfony.com/cve-2026-45070","reference_id":"CVE-2026-45070","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45070"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2026-45070.yaml","reference_id":"CVE-2026-45070.YAML","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2026-45070.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45070.yaml","reference_id":"CVE-2026-45070.YAML","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45070.yaml"},{"reference_url":"https://github.com/advisories/GHSA-vqc8-7275-q272","reference_id":"GHSA-vqc8-7275-q272","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqc8-7275-q272"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vqc8-7275-q272","reference_id":"GHSA-vqc8-7275-q272","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vqc8-7275-q272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45070","GHSA-vqc8-7275-q272"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brbn-9szp-2ubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348215?format=json","vulnerability_id":"VCID-btxp-ywr3-ukgj","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-48761"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-btxp-ywr3-ukgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348210?format=json","vulnerability_id":"VCID-buyw-5tjv-myem","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-46626"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-buyw-5tjv-myem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348212?format=json","vulnerability_id":"VCID-cfca-cgne-4fev","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-48736"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfca-cgne-4fev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/164927?format=json","vulnerability_id":"VCID-ctej-r3tb-m3es","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5275","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50922","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5275"},{"reference_url":"https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415","reference_id":"961415","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5275","reference_id":"CVE-2020-5275","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5275"},{"reference_url":"https://symfony.com/cve-2020-5275","reference_id":"CVE-2020-5275","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2020-5275"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2020-5275.yaml","reference_id":"CVE-2020-5275.YAML","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2020-5275.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2020-5275.yaml","reference_id":"CVE-2020-5275.YAML","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2020-5275.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5275.yaml","reference_id":"CVE-2020-5275.YAML","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5275.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g4m9-5hpf-hx72","reference_id":"GHSA-g4m9-5hpf-hx72","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4m9-5hpf-hx72"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72","reference_id":"GHSA-g4m9-5hpf-hx72","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208575?format=json","purl":"pkg:deb/debian/symfony@4.4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-5275","GHSA-g4m9-5hpf-hx72"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctej-r3tb-m3es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/269616?format=json","vulnerability_id":"VCID-ctsg-cxd2-c7ar","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25231","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51996"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/"}],"url":"https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51996"},{"reference_url":"https://symfony.com/cve-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51996"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208604?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208599?format=json","purl":"pkg:deb/debian/symfony@6.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.15%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-51996","GHSA-cg23-qf8f-62rr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctsg-cxd2-c7ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10944?format=json","vulnerability_id":"VCID-d4ry-msw9-17gu","summary":"Cryptographic Issues\nThe `nextBytes` function in the `SecureRandom` class in Symfony does not properly generate random numbers when used with PHP without the `paragonie/random_compat` library and the `openssl_random_pseudo_bytes` function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1902","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60758","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1902"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/17359","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/17359"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1902","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1902"},{"reference_url":"https://www.landaire.net/blog/cve-2016-1902-symfony-securerandom","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.landaire.net/blog/cve-2016-1902-symfony-securerandom"},{"reference_url":"http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://symfony.com/cve-2016-1902","reference_id":"CVE-2016-1902","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-1902"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208560?format=json","purl":"pkg:deb/debian/symfony@2.7.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.7.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2016-1902","GHSA-jjx5-fq5g-8xpc"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4ry-msw9-17gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341410?format=json","vulnerability_id":"VCID-d7r9-9h57-5yen","summary":"Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/bcf487c22f3240ba994124e0e0fe8616f3cfc47a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/bcf487c22f3240ba994124e0e0fe8616f3cfc47a"},{"reference_url":"https://symfony.com/cve-2026-45065","reference_id":"CVE-2026-45065","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45065"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2026-45065.yaml","reference_id":"CVE-2026-45065.YAML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2026-45065.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45065.yaml","reference_id":"CVE-2026-45065.YAML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45065.yaml"},{"reference_url":"https://github.com/advisories/GHSA-72xp-p242-47p9","reference_id":"GHSA-72xp-p242-47p9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72xp-p242-47p9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-72xp-p242-47p9","reference_id":"GHSA-72xp-p242-47p9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-72xp-p242-47p9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45065","GHSA-72xp-p242-47p9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7r9-9h57-5yen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12861?format=json","vulnerability_id":"VCID-d814-yjkr-p3ga","summary":"Attacker can read all files content on the server\nWhen a form is submitted by the user, the request handler classes of the Form component merge POST data (known as the `$_POST` array in plain PHP) and uploaded files data (known as the `$_FILES` array in plain PHP) into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a `FileType` is sent as normal `POST` data that could be interpreted as a locale file path on the server-side (for example, `file:///etc/passwd`). If the application did not perform any additional checks about the value submitted to the `FileType`, the contents of the given file on the server could have been exposed to the attacker.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.7204","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml"},{"reference_url":"https://github.com/symfony/form","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/form"},{"reference_url":"https://github.com/symfony/symfony/pull/24993","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/24993"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16790"},{"reference_url":"https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files"},{"reference_url":"https://symfony.com/cve-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16790"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files","reference_id":"CVE-2017-16790-ENSURE-THAT-SUBMITTED-DATA-ARE-UPLOADED-FILES","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208563?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16790","GHSA-cqqh-94r6-wjrg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d814-yjkr-p3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268519?format=json","vulnerability_id":"VCID-dmsr-jrsf-tqdu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66345","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50342"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/"}],"url":"https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50342"},{"reference_url":"https://symfony.com/cve-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50342"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208594?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208599?format=json","purl":"pkg:deb/debian/symfony@6.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.15%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50342","GHSA-9c3x-r3wp-mgxm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsr-jrsf-tqdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268518?format=json","vulnerability_id":"VCID-dw66-36y1-g7hz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3463","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50341"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2024-50341.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2024-50341.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50341.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50341.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:59Z/"}],"url":"https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:59Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50341"},{"reference_url":"https://symfony.com/cve-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50341"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208598?format=json","purl":"pkg:deb/debian/symfony@6.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50341","GHSA-jxgr-3v7q-3w9v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dw66-36y1-g7hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10679?format=json","vulnerability_id":"VCID-epe4-cnhd-zyef","summary":"Esi Code Injection\nApplications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\\Component\\HttpKernel\\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089"},{"reference_url":"http://jvn.jp/en/jp/JVN19578958/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19578958/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68022","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308"},{"reference_url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://symfony.com/cve-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2308"},{"reference_url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357"},{"reference_url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"CVE-2015-2308-ESI-CODE-INJECTION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208555?format=json","purl":"pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.3.21%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2015-2308","GHSA-5c58-w9xc-qcj9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epe4-cnhd-zyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348214?format=json","vulnerability_id":"VCID-fh6h-dyx9-83h1","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-48760"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fh6h-dyx9-83h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12685?format=json","vulnerability_id":"VCID-fytq-6ane-hyf7","summary":"`DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16652","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44839","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/24995","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/24995"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16652","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16652"},{"reference_url":"https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers"},{"reference_url":"https://symfony.com/cve-2017-16652","reference_id":"CVE-2017-16652","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16652"},{"reference_url":"http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers","reference_id":"CVE-2017-16652-OPEN-REDIRECT-VULNERABILITY-ON-SECURITY-HANDLERS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208563?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16652","GHSA-r7p7-qr7p-2rrf"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fytq-6ane-hyf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12860?format=json","vulnerability_id":"VCID-g8cq-v4et-cue4","summary":"An attacker can navigate to arbitrary directories via the dot-dot-slash attack\nThis package includes various bundle readers that are used to read resource bundles from the local filesystem. The `read()` methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a `URL` parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16654","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68025","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/24994","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/24994"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16654","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16654"},{"reference_url":"https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths"},{"reference_url":"https://symfony.com/cve-2017-16654","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16654"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths","reference_id":"CVE-2017-16654-INTL-BUNDLE-READERS-BREAKING-OUT-OF-PATHS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208563?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16654","GHSA-c49r-8gj6-768r"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8cq-v4et-cue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341432?format=json","vulnerability_id":"VCID-gd71-zeaf-zqbr","summary":"Symfony hardened the parser when handling untrusted input","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/914f427ed9630ddb3904dafba763e53d9f133fe3","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/914f427ed9630ddb3904dafba763e53d9f133fe3"},{"reference_url":"https://symfony.com/cve-2026-45133","reference_id":"CVE-2026-45133","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45133"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45133.yaml","reference_id":"CVE-2026-45133.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45133.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45133.yaml","reference_id":"CVE-2026-45133.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45133.yaml"},{"reference_url":"https://github.com/advisories/GHSA-c2p3-7m5p-cv8x","reference_id":"GHSA-c2p3-7m5p-cv8x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2p3-7m5p-cv8x"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-c2p3-7m5p-cv8x","reference_id":"GHSA-c2p3-7m5p-cv8x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-c2p3-7m5p-cv8x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45133","GHSA-c2p3-7m5p-cv8x"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gd71-zeaf-zqbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12862?format=json","vulnerability_id":"VCID-h377-gc9v-abep","summary":"Cross-Site Request Forgery (CSRF)\nThe current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16653","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55776","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e"},{"reference_url":"https://github.com/symfony/symfony/pull/24992","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/24992"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653"},{"reference_url":"https://symfony.com/cve-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16653"},{"reference_url":"https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https","reference_id":"CVE-2017-16653-CSRF-PROTECTION-DOES-NOT-USE-DIFFERENT-TOKENS-FOR-HTTP-AND-HTTPS","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/advisories/GHSA-92x6-h2gr-8gxq","reference_id":"GHSA-92x6-h2gr-8gxq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92x6-h2gr-8gxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208563?format=json","purl":"pkg:deb/debian/symfony@3.4.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16653","GHSA-92x6-h2gr-8gxq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h377-gc9v-abep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22279?format=json","vulnerability_id":"VCID-hkcs-2mjk-ubhw","summary":"Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows\nThe Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.\n\nThis can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01652","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3"},{"reference_url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b"},{"reference_url":"https://github.com/symfony/symfony/issues/62921","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/issues/62921"},{"reference_url":"https://github.com/symfony/symfony/pull/63164","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/pull/63164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739","reference_id":"CVE-2026-24739","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739"},{"reference_url":"https://github.com/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39x-jcww-82v6"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-24739","GHSA-r39x-jcww-82v6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkcs-2mjk-ubhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341445?format=json","vulnerability_id":"VCID-hvyj-6dw1-v3dm","summary":"Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/1ac2d47418ec23066112db1e6ca35be6fe123d14","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/1ac2d47418ec23066112db1e6ca35be6fe123d14"},{"reference_url":"https://symfony.com/cve-2026-45756","reference_id":"CVE-2026-45756","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45756"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/json-path/CVE-2026-45756.yaml","reference_id":"CVE-2026-45756.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/json-path/CVE-2026-45756.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45756.yaml","reference_id":"CVE-2026-45756.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45756.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8v8v-g73j-492j","reference_id":"GHSA-8v8v-g73j-492j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8v8v-g73j-492j"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-8v8v-g73j-492j","reference_id":"GHSA-8v8v-g73j-492j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-8v8v-g73j-492j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45756","GHSA-8v8v-g73j-492j"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvyj-6dw1-v3dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13623?format=json","vulnerability_id":"VCID-j49y-k2gh-sya6","summary":"Empty passwords validation issue\nValidating a user password with a `UserPassword` constraint but with no `NotBlank` constraint passes without any error (the empty password would not be compared with the user password). Note that you should always be explicit and add a `NotBlank` constraint, but as it worked before without, it's considered as a backward compatibility break and a security issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58133","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11365"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f"},{"reference_url":"https://github.com/symfony/symfony/pull/23507","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/23507"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-11365"},{"reference_url":"https://symfony.com/cve-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-11365"},{"reference_url":"https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue","reference_id":"CVE-2017-11365-EMPTY-PASSWORDS-VALIDATION-ISSUE","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-11365","GHSA-q87v-q8fw-gmj5"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j49y-k2gh-sya6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142074?format=json","vulnerability_id":"VCID-k3e5-c9kc-sqg1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18886","reference_id":"","reference_type":"","scores":[{"value":"0.01546","scoring_system":"epss","scoring_elements":"0.81702","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18886"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18886","reference_id":"CVE-2019-18886","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18886"},{"reference_url":"https://symfony.com/cve-2019-18886","reference_id":"CVE-2019-18886","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18886"},{"reference_url":"https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality","reference_id":"CVE-2019-18886-PREVENT-USER-ENUMERATION-USING-SWITCH-USER-FUNCTIONALITY","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-18886.yaml","reference_id":"CVE-2019-18886.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-18886.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18886.yaml","reference_id":"CVE-2019-18886.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18886.yaml"},{"reference_url":"https://github.com/advisories/GHSA-4vpc-5jx4-cfqg","reference_id":"GHSA-4vpc-5jx4-cfqg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vpc-5jx4-cfqg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208571?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-18886","GHSA-4vpc-5jx4-cfqg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3e5-c9kc-sqg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137282?format=json","vulnerability_id":"VCID-kw21-fsjq-mbb4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11325","reference_id":"","reference_type":"","scores":[{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89517","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11325"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11325","reference_id":"CVE-2019-11325","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11325"},{"reference_url":"https://symfony.com/cve-2019-11325","reference_id":"CVE-2019-11325","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-11325"},{"reference_url":"https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter","reference_id":"CVE-2019-11325-FIX-ESCAPING-OF-STRINGS-IN-VAREXPORTER","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml","reference_id":"CVE-2019-11325.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml","reference_id":"CVE-2019-11325.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w4rc-rx25-8m86","reference_id":"GHSA-w4rc-rx25-8m86","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w4rc-rx25-8m86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208571?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11325","GHSA-w4rc-rx25-8m86"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kw21-fsjq-mbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12690?format=json","vulnerability_id":"VCID-kx25-m1mp-zfay","summary":"Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78204","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"CVE-2018-11386","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208564?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kx25-m1mp-zfay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341433?format=json","vulnerability_id":"VCID-kxff-fp12-qfcu","summary":"Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion (\"Billion Laughs\")","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/e77391b2e4f18821198f010d573674c8ed4a970a","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e77391b2e4f18821198f010d573674c8ed4a970a"},{"reference_url":"https://symfony.com/cve-2026-45304","reference_id":"CVE-2026-45304","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45304"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45304.yaml","reference_id":"CVE-2026-45304.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45304.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45304.yaml","reference_id":"CVE-2026-45304.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45304.yaml"},{"reference_url":"https://github.com/advisories/GHSA-4qpc-3hr4-r2p4","reference_id":"GHSA-4qpc-3hr4-r2p4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qpc-3hr4-r2p4"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-4qpc-3hr4-r2p4","reference_id":"GHSA-4qpc-3hr4-r2p4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-4qpc-3hr4-r2p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45304","GHSA-4qpc-3hr4-r2p4"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxff-fp12-qfcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13602?format=json","vulnerability_id":"VCID-m1y3-csp4-aqe4","summary":"Deserialization of Untrusted Data\nIn Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10912","reference_id":"","reference_type":"","scores":[{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78513","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10912"},{"reference_url":"https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10912","reference_id":"CVE-2019-10912","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10912"},{"reference_url":"https://symfony.com/cve-2019-10912","reference_id":"CVE-2019-10912","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10912"},{"reference_url":"https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized","reference_id":"CVE-2019-10912-PREVENT-DESTRUCTORS-WITH-SIDE-EFFECTS-FROM-BEING-UNSERIALIZED","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w2fr-65vp-mxw3","reference_id":"GHSA-w2fr-65vp-mxw3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w2fr-65vp-mxw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208568?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-10912","GHSA-w2fr-65vp-mxw3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1y3-csp4-aqe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142076?format=json","vulnerability_id":"VCID-mbd5-rsax-jya9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85034","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208571?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbd5-rsax-jya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20764?format=json","vulnerability_id":"VCID-mqjv-9ptq-q3g9","summary":"Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass\nThe `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500","reference_id":"","reference_type":"","scores":[{"value":"0.06307","scoring_system":"epss","scoring_elements":"0.91097","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500","reference_id":"CVE-2025-64500","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500"},{"reference_url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass","reference_id":"CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.YAML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.YAML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208607?format=json","purl":"pkg:deb/debian/symfony@7.4.0~rc1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.0~rc1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64500","GHSA-3rg7-wf37-54rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqjv-9ptq-q3g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18796?format=json","vulnerability_id":"VCID-mxta-zqzb-nfbv","summary":"Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"0.02419","scoring_system":"epss","scoring_elements":"0.85376","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54"},{"reference_url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774","reference_id":"1055774","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734"},{"reference_url":"https://symfony.com/cve-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46734"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml","reference_id":"CVE-2023-46734.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208592?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208588?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208590?format=json","purl":"pkg:deb/debian/symfony@5.4.31%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.31%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46734","GHSA-q847-2q57-wmr3"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxta-zqzb-nfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341431?format=json","vulnerability_id":"VCID-mzxb-ryz7-xbev","summary":"Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/0891b2f293896c488e26943dc034334364b77fc4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/0891b2f293896c488e26943dc034334364b77fc4"},{"reference_url":"https://symfony.com/cve-2026-45077","reference_id":"CVE-2026-45077","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45077"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/monolog-bridge/CVE-2026-45077.yaml","reference_id":"CVE-2026-45077.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/monolog-bridge/CVE-2026-45077.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45077.yaml","reference_id":"CVE-2026-45077.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45077.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m7v2-7gxm-vc2v","reference_id":"GHSA-m7v2-7gxm-vc2v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m7v2-7gxm-vc2v"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-m7v2-7gxm-vc2v","reference_id":"GHSA-m7v2-7gxm-vc2v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-m7v2-7gxm-vc2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45077","GHSA-m7v2-7gxm-vc2v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzxb-ryz7-xbev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136976?format=json","vulnerability_id":"VCID-n1c7-yabu-jye7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910","reference_id":"","reference_type":"","scores":[{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93864","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb"},{"reference_url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b"},{"reference_url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910"},{"reference_url":"https://symfony.com/cve-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10910"},{"reference_url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid","reference_id":"CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2","reference_id":"GHSA-pgwj-prpq-jpc2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208568?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-10910","GHSA-pgwj-prpq-jpc2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n1c7-yabu-jye7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12686?format=json","vulnerability_id":"VCID-n4kq-nskp-1qar","summary":"Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76054","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f"},{"reference_url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b"},{"reference_url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385"},{"reference_url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"CVE-2018-11385","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208564?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-11385","GHSA-g4rg-rw65-8hfg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kq-nskp-1qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341426?format=json","vulnerability_id":"VCID-nsrm-u4km-qqa1","summary":"Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/eea5fd7488cbdc241da4ce242344b7d9a3ecdf3d","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/eea5fd7488cbdc241da4ce242344b7d9a3ecdf3d"},{"reference_url":"https://symfony.com/cve-2026-45071","reference_id":"CVE-2026-45071","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45071"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dom-crawler/CVE-2026-45071.yaml","reference_id":"CVE-2026-45071.YAML","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dom-crawler/CVE-2026-45071.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45071.yaml","reference_id":"CVE-2026-45071.YAML","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45071.yaml"},{"reference_url":"https://github.com/advisories/GHSA-x6g4-fwcc-jj8w","reference_id":"GHSA-x6g4-fwcc-jj8w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6g4-fwcc-jj8w"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-x6g4-fwcc-jj8w","reference_id":"GHSA-x6g4-fwcc-jj8w","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-x6g4-fwcc-jj8w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45071","GHSA-x6g4-fwcc-jj8w"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsrm-u4km-qqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18795?format=json","vulnerability_id":"VCID-pnq6-u1q3-ebff","summary":"Cross-site scripting\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now does not return any user-submitted input in its response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46735","reference_id":"","reference_type":"","scores":[{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86618","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46735"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:14:14Z/"}],"url":"https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46735","reference_id":"CVE-2023-46735","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46735"},{"reference_url":"https://symfony.com/cve-2023-46735","reference_id":"CVE-2023-46735","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46735"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46735.yaml","reference_id":"CVE-2023-46735.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46735.yaml"},{"reference_url":"https://github.com/advisories/GHSA-72x2-5c85-6wmr","reference_id":"GHSA-72x2-5c85-6wmr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-72x2-5c85-6wmr"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr","reference_id":"GHSA-72x2-5c85-6wmr","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:14:14Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46735","GHSA-72x2-5c85-6wmr"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnq6-u1q3-ebff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341428?format=json","vulnerability_id":"VCID-qscu-huud-4fbz","summary":"Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/ec50b799d79ebe24561f29351c1efcb6da95c9b","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ec50b799d79ebe24561f29351c1efcb6da95c9b"},{"reference_url":"https://symfony.com/cve-2026-45073","reference_id":"CVE-2026-45073","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45073"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2026-45073.yaml","reference_id":"CVE-2026-45073.YAML","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2026-45073.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45073.yaml","reference_id":"CVE-2026-45073.YAML","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45073.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6qh9-h6wf-jgqc","reference_id":"GHSA-6qh9-h6wf-jgqc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qh9-h6wf-jgqc"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-6qh9-h6wf-jgqc","reference_id":"GHSA-6qh9-h6wf-jgqc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-6qh9-h6wf-jgqc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45073","GHSA-6qh9-h6wf-jgqc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qscu-huud-4fbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11277?format=json","vulnerability_id":"VCID-rq6s-h7p6-b3f1","summary":"Unauthorized access on a misconfigured LDAP server\nThere's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2403","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35788","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/18736","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/18736"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2403","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2403"},{"reference_url":"https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2016-2403","reference_id":"CVE-2016-2403","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-2403"},{"reference_url":"http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password","reference_id":"CVE-2016-2403-UNAUTHORIZED-ACCESS-ON-A-MISCONFIGURED-LDAP-SERVER-WHEN-USING-AN-EMPTY-PASSWORD","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208561?format=json","purl":"pkg:deb/debian/symfony@2.8.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.8.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2016-2403","GHSA-wvj5-r78r-hhfq"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rq6s-h7p6-b3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10675?format=json","vulnerability_id":"VCID-s3xz-n4w1-ekd2","summary":"Improper Access Control\nFragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the `_controller` attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to `/_fragment`.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4050","reference_id":"","reference_type":"","scores":[{"value":"0.76192","scoring_system":"epss","scoring_elements":"0.98948","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4050"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-4050.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-4050.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-4050.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-4050.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4050","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4050"},{"reference_url":"https://web.archive.org/web/20200228090443/http://www.securityfocus.com/bid/74928","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228090443/http://www.securityfocus.com/bid/74928"},{"reference_url":"http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access"},{"reference_url":"http://www.debian.org/security/2015/dsa-3276","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3276"},{"reference_url":"https://symfony.com/cve-2015-4050","reference_id":"CVE-2015-4050","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-4050"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208556?format=json","purl":"pkg:deb/debian/symfony@2.7.0~beta2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.7.0~beta2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2015-4050","GHSA-qmqw-mpqp-mr54"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3xz-n4w1-ekd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14382?format=json","vulnerability_id":"VCID-s5vg-85nk-tkfs","summary":"Session Fixation\n`Symfony/SecurityBundle` is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41268","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65175","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41268"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc"},{"reference_url":"https://github.com/symfony/symfony/pull/44243","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/44243"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v5.3.12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v5.3.12"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41268","reference_id":"CVE-2021-41268","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41268"},{"reference_url":"https://symfony.com/cve-2021-41268","reference_id":"CVE-2021-41268","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-41268"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml","reference_id":"CVE-2021-41268.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml","reference_id":"CVE-2021-41268.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qw36-p97w-vcqr","reference_id":"GHSA-qw36-p97w-vcqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qw36-p97w-vcqr"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr","reference_id":"GHSA-qw36-p97w-vcqr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41268","GHSA-qw36-p97w-vcqr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5vg-85nk-tkfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/348211?format=json","vulnerability_id":"VCID-styq-7bbp-pbf6","summary":"","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-48489"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-styq-7bbp-pbf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12689?format=json","vulnerability_id":"VCID-tpgm-tx2g-4bh2","summary":"Improper Authentication\nAn issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11407","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33923","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11407"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934"},{"reference_url":"https://github.com/symfony/symfony/pull/27377","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/27377"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11407","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11407"},{"reference_url":"https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"},{"reference_url":"https://symfony.com/cve-2018-11407","reference_id":"CVE-2018-11407","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11407"},{"reference_url":"https://usn.ubuntu.com/USN-4836-1/","reference_id":"USN-USN-4836-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4836-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208564?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-11407","GHSA-35c5-28pg-2qg4"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpgm-tx2g-4bh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341422?format=json","vulnerability_id":"VCID-usft-rqta-eyhg","summary":"Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\\Component\\Mime\\Address","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/dc2dbd29211eb4ddc451373fa1374fb926e94604","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/dc2dbd29211eb4ddc451373fa1374fb926e94604"},{"reference_url":"https://symfony.com/cve-2026-45067","reference_id":"CVE-2026-45067","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45067"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2026-45067.yaml","reference_id":"CVE-2026-45067.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2026-45067.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45067.yaml","reference_id":"CVE-2026-45067.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45067.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qpmx-3rfj-7rhv","reference_id":"GHSA-qpmx-3rfj-7rhv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpmx-3rfj-7rhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qpmx-3rfj-7rhv","reference_id":"GHSA-qpmx-3rfj-7rhv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qpmx-3rfj-7rhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45067","GHSA-qpmx-3rfj-7rhv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-usft-rqta-eyhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16776?format=json","vulnerability_id":"VCID-uvpz-6mss-9bgn","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06271","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895"},{"reference_url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895"},{"reference_url":"https://symfony.com/cve-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24895"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208586?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208585?format=json","purl":"pkg:deb/debian/symfony@5.4.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-24895","GHSA-3gv2-29qc-v67m","GMS-2023-210","GMS-2023-211"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvpz-6mss-9bgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18794?format=json","vulnerability_id":"VCID-v78k-j32n-vyac","summary":"Symfony possible session fixation vulnerability\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier does not change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46733","reference_id":"","reference_type":"","scores":[{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79468","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46733"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9"},{"reference_url":"https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775","reference_id":"1055775","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46733","reference_id":"CVE-2023-46733","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46733"},{"reference_url":"https://symfony.com/cve-2023-46733","reference_id":"CVE-2023-46733","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46733"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46733.yaml","reference_id":"CVE-2023-46733.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46733.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m2wj-r6g3-fxfx","reference_id":"GHSA-m2wj-r6g3-fxfx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m2wj-r6g3-fxfx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx","reference_id":"GHSA-m2wj-r6g3-fxfx","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208588?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208590?format=json","purl":"pkg:deb/debian/symfony@5.4.31%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.31%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46733","GHSA-m2wj-r6g3-fxfx"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v78k-j32n-vyac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10778?format=json","vulnerability_id":"VCID-vmr4-cut4-2fe6","summary":"Session Fixation\nSession fixation vulnerability in the `Remember Me` login feature in Symfony allows remote attackers to hijack web sessions via a session id.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8124","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53911","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8124"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Dec/89","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/Dec/89"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/16631","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/16631"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8124","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8124"},{"reference_url":"https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature"},{"reference_url":"https://web.archive.org/web/20201209020014/http://www.securityfocus.com/archive/1/537183/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201209020014/http://www.securityfocus.com/archive/1/537183/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20210125123853/http://www.securityfocus.com/bid/77694","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210125123853/http://www.securityfocus.com/bid/77694"},{"reference_url":"http://www.debian.org/security/2015/dsa-3402","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3402"},{"reference_url":"https://symfony.com/cve-2015-8124","reference_id":"CVE-2015-8124","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-8124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208558?format=json","purl":"pkg:deb/debian/symfony@2.7.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.7.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8124","GHSA-j5jh-hpr4-h332"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmr4-cut4-2fe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10653?format=json","vulnerability_id":"VCID-vnku-f414-dyh9","summary":"Unsafe methods in the Request class\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.","references":[{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"CVE-2015-2309","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class","reference_id":"CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j","reference_id":"GHSA-p684-f7fh-jv2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208555?format=json","purl":"pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.3.21%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnku-f414-dyh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12858?format=json","vulnerability_id":"VCID-vysf-2cxd-zqe2","summary":"Improper Input Validation\nAn issue was discovered in `HttpKernel` in Symfony When using `HttpCache`, the values of the `X-Forwarded-Host` headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14774","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35752","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14774"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a"},{"reference_url":"https://github.com/symfony/symfony/commit/7f912bbb78377c2ea331b3da28363435fbd91337","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/7f912bbb78377c2ea331b3da28363435fbd91337"},{"reference_url":"https://github.com/symfony/symfony/commit/96504fb8c9f91204727d2930eb837473ce154956","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/96504fb8c9f91204727d2930eb837473ce154956"},{"reference_url":"https://github.com/symfony/symfony/commit/974240e178bb01d734bf1df1ad5c3beba6a2f982","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/974240e178bb01d734bf1df1ad5c3beba6a2f982"},{"reference_url":"https://github.com/symfony/symfony/commit/9cfcaba0bf71f87683510b5f47ebaac5f5d6a5ba","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/9cfcaba0bf71f87683510b5f47ebaac5f5d6a5ba"},{"reference_url":"https://github.com/symfony/symfony/commit/bcf5897bb1a99d4acae8bf7b73e81bfdeaac0922","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/bcf5897bb1a99d4acae8bf7b73e81bfdeaac0922"},{"reference_url":"https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14774","reference_id":"CVE-2018-14774","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14774"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208566?format=json","purl":"pkg:deb/debian/symfony@3.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14774","GHSA-66p6-7p29-55p9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vysf-2cxd-zqe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13167?format=json","vulnerability_id":"VCID-w8s1-z3hu-8beh","summary":"URL Redirection to Untrusted Site (Open Redirect)\nBy using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.638","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19790"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http"},{"reference_url":"https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106249"},{"reference_url":"https://symfony.com/cve-2018-19790","reference_id":"CVE-2018-19790","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-19790"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208567?format=json","purl":"pkg:deb/debian/symfony@3.4.20%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.20%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-19790","GHSA-89r2-5g34-2g47"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8s1-z3hu-8beh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142075?format=json","vulnerability_id":"VCID-wnu2-cmrt-bkhr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74565","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887"},{"reference_url":"https://symfony.com/cve-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18887"},{"reference_url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner","reference_id":"CVE-2019-18887-USE-CONSTANT-TIME-COMPARISON-IN-URISIGNER","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv","reference_id":"GHSA-q8hg-pf8v-cxrv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208571?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-18887","GHSA-q8hg-pf8v-cxrv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnu2-cmrt-bkhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268517?format=json","vulnerability_id":"VCID-wtr6-xz9n-uqg3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"0.85051","scoring_system":"epss","scoring_elements":"0.99366","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50340"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/"}],"url":"https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50340"},{"reference_url":"https://symfony.com/cve-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50340"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208594?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208596?format=json","purl":"pkg:deb/debian/symfony@6.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50340","GHSA-x8vp-gf4q-mw5j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtr6-xz9n-uqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341434?format=json","vulnerability_id":"VCID-wv5b-2644-w3gf","summary":"Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/9749cd43c5e09b3735093623670b21b9d8a056cb","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/9749cd43c5e09b3735093623670b21b9d8a056cb"},{"reference_url":"https://symfony.com/cve-2026-45305","reference_id":"CVE-2026-45305","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45305"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45305.yaml","reference_id":"CVE-2026-45305.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45305.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45305.yaml","reference_id":"CVE-2026-45305.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45305.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9frc-8383-795m","reference_id":"GHSA-9frc-8383-795m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9frc-8383-795m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-9frc-8383-795m","reference_id":"GHSA-9frc-8383-795m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-9frc-8383-795m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45305","GHSA-9frc-8383-795m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv5b-2644-w3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341430?format=json","vulnerability_id":"VCID-x5hp-7y5c-4qep","summary":"Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/fa8d5c67aa4b22c9656e3fd7d5c3aa59865bf838","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa8d5c67aa4b22c9656e3fd7d5c3aa59865bf838"},{"reference_url":"https://symfony.com/cve-2026-45075","reference_id":"CVE-2026-45075","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45075"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2026-45075.yaml","reference_id":"CVE-2026-45075.YAML","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2026-45075.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45075.yaml","reference_id":"CVE-2026-45075.YAML","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2026-45075.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45075.yaml","reference_id":"CVE-2026-45075.YAML","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45075.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6439-2f28-8p8q","reference_id":"GHSA-6439-2f28-8p8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6439-2f28-8p8q"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-6439-2f28-8p8q","reference_id":"GHSA-6439-2f28-8p8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-6439-2f28-8p8q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45075","GHSA-6439-2f28-8p8q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5hp-7y5c-4qep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142077?format=json","vulnerability_id":"VCID-x8xk-7pga-33hz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18889","reference_id":"","reference_type":"","scores":[{"value":"0.05134","scoring_system":"epss","scoring_elements":"0.9001","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18889"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18889","reference_id":"CVE-2019-18889","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18889"},{"reference_url":"https://symfony.com/cve-2019-18889","reference_id":"CVE-2019-18889","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18889"},{"reference_url":"https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances","reference_id":"CVE-2019-18889-FORBID-SERIALIZING-ABSTRACTADAPTER-AND-TAGAWAREADAPTER-INSTANCES","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml","reference_id":"CVE-2019-18889.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml","reference_id":"CVE-2019-18889.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml"},{"reference_url":"https://github.com/advisories/GHSA-79gr-58r3-pwm3","reference_id":"GHSA-79gr-58r3-pwm3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-79gr-58r3-pwm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208571?format=json","purl":"pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-18889","GHSA-79gr-58r3-pwm3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8xk-7pga-33hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341444?format=json","vulnerability_id":"VCID-x92g-y871-7bdk","summary":"Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/4e0467e4e182cf2e704a3d9e1bc1a6be65d52ab8","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/4e0467e4e182cf2e704a3d9e1bc1a6be65d52ab8"},{"reference_url":"https://symfony.com/cve-2026-45755","reference_id":"CVE-2026-45755","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45755"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailtrap-mailer/CVE-2026-45755.yaml","reference_id":"CVE-2026-45755.YAML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailtrap-mailer/CVE-2026-45755.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45755.yaml","reference_id":"CVE-2026-45755.YAML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45755.yaml"},{"reference_url":"https://github.com/advisories/GHSA-59f3-vp2f-mp9w","reference_id":"GHSA-59f3-vp2f-mp9w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-59f3-vp2f-mp9w"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-59f3-vp2f-mp9w","reference_id":"GHSA-59f3-vp2f-mp9w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-59f3-vp2f-mp9w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45755","GHSA-59f3-vp2f-mp9w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x92g-y871-7bdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/123531?format=json","vulnerability_id":"VCID-y8ec-6rkd-1uev","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12040","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.5236","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12040"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208564?format=json","purl":"pkg:deb/debian/symfony@3.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12040"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8ec-6rkd-1uev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/154941?format=json","vulnerability_id":"VCID-y9w8-wcn3-x7a1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15094","reference_id":"","reference_type":"","scores":[{"value":"0.02248","scoring_system":"epss","scoring_elements":"0.84855","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15094"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGUWOEETOFVH4PN3I3YO4QZHQ4AUKF3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAQJXAKWPMWB7OL6QPG2ZSEQZYYPU5RC/"},{"reference_url":"https://packagist.org/packages/symfony/http-kernel","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/symfony/http-kernel"},{"reference_url":"https://packagist.org/packages/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15094","reference_id":"CVE-2020-15094","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15094"},{"reference_url":"https://symfony.com/cve-2020-15094","reference_id":"CVE-2020-15094","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2020-15094"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2020-15094.yaml","reference_id":"CVE-2020-15094.YAML","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2020-15094.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-15094.yaml","reference_id":"CVE-2020-15094.YAML","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-15094.yaml"},{"reference_url":"https://github.com/advisories/GHSA-754h-5r27-7x3r","reference_id":"GHSA-754h-5r27-7x3r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-754h-5r27-7x3r"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r","reference_id":"GHSA-754h-5r27-7x3r","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208574?format=json","purl":"pkg:deb/debian/symfony@4.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15094","GHSA-754h-5r27-7x3r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9w8-wcn3-x7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341423?format=json","vulnerability_id":"VCID-ya1e-7bph-pqgp","summary":"Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address","references":[{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/c45144862dc289d03952f41f6078174089a3afc6","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/c45144862dc289d03952f41f6078174089a3afc6"},{"reference_url":"https://symfony.com/cve-2026-45068","reference_id":"CVE-2026-45068","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-45068"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailer/CVE-2026-45068.yaml","reference_id":"CVE-2026-45068.YAML","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mailer/CVE-2026-45068.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45068.yaml","reference_id":"CVE-2026-45068.YAML","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45068.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xx3c-qf5g-hc39","reference_id":"GHSA-xx3c-qf5g-hc39","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx3c-qf5g-hc39"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-xx3c-qf5g-hc39","reference_id":"GHSA-xx3c-qf5g-hc39","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-xx3c-qf5g-hc39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208609?format=json","purl":"pkg:deb/debian/symfony@7.4.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45068","GHSA-xx3c-qf5g-hc39"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ya1e-7bph-pqgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6143?format=json","vulnerability_id":"VCID-yasp-usps-xkc3","summary":"access restriction bypass","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95038","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"CVE-2018-14773","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208566?format=json","purl":"pkg:deb/debian/symfony@3.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yasp-usps-xkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10600?format=json","vulnerability_id":"VCID-ytp3-19j3-8qh8","summary":"Uncontrolled Resource Consumption\nThe Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65063","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/symfony/polyfill/pull/155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/polyfill/pull/155"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/issues/11522","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/issues/11522"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5958"},{"reference_url":"https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released"},{"reference_url":"http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-5958","GHSA-cr49-fx2v-9p57"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytp3-19j3-8qh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268520?format=json","vulnerability_id":"VCID-yzth-mby6-fua5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4803","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343"},{"reference_url":"https://symfony.com/cve-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50343"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208600?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208594?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208601?format=json","purl":"pkg:deb/debian/symfony@6.4.11%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.11%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50343","GHSA-g3rh-rrhp-jhh9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzth-mby6-fua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178050?format=json","vulnerability_id":"VCID-z6me-f2c2-kbf2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32693","reference_id":"","reference_type":"","scores":[{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.68078","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32693"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-32693.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-32693.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-32693.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-32693.yaml"},{"reference_url":"https://github.com/symfony/security-http","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/security-http"},{"reference_url":"https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129"},{"reference_url":"https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32693","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32693"},{"reference_url":"https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one"},{"reference_url":"https://symfony.com/cve-2021-32693","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-32693"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208554?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32693","GHSA-rfcf-m67m-jcrq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6me-f2c2-kbf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13608?format=json","vulnerability_id":"VCID-zmrn-3fbj-gqcm","summary":"Improper Authentication\nIn Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50816","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911"},{"reference_url":"https://symfony.com/cve-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10911"},{"reference_url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash","reference_id":"CVE-2019-10911-ADD-A-SEPARATOR-IN-THE-REMEMBER-ME-COOKIE-HASH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr","reference_id":"GHSA-cchx-mfrc-fwqr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208568?format=json","purl":"pkg:deb/debian/symfony@3.4.22%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@3.4.22%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-10911","GHSA-cchx-mfrc-fwqr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmrn-3fbj-gqcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10945?format=json","vulnerability_id":"VCID-zqk8-27jq-j7dx","summary":"CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.81005","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423"},{"reference_url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"CVE-2016-4423","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208561?format=json","purl":"pkg:deb/debian/symfony@2.8.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.8.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4423","GHSA-whgv-8cg3-7hcm"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqk8-27jq-j7dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/164910?format=json","vulnerability_id":"VCID-zwk3-xt1d-hke8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5255","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59374","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5255"},{"reference_url":"https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36JLPHUPKDFAX6D5WYFC4ALO2K7RDUQ/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415","reference_id":"961415","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5255","reference_id":"CVE-2020-5255","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5255"},{"reference_url":"https://symfony.com/cve-2020-5255","reference_id":"CVE-2020-5255","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2020-5255"},{"reference_url":"https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header","reference_id":"CVE-2020-5255-PREVENT-CACHE-POISONING-VIA-A-RESPONSE-CONTENT-TYPE-HEADER","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2020-5255.yaml","reference_id":"CVE-2020-5255.YAML","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2020-5255.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5255.yaml","reference_id":"CVE-2020-5255.YAML","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2020-5255.yaml"},{"reference_url":"https://github.com/advisories/GHSA-mcx4-f5f5-4859","reference_id":"GHSA-mcx4-f5f5-4859","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mcx4-f5f5-4859"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859","reference_id":"GHSA-mcx4-f5f5-4859","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/208575?format=json","purl":"pkg:deb/debian/symfony@4.4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208548?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mqjv-9ptq-q3g9"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208545?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208550?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"},{"vulnerability":"VCID-3rs1-f6qt-vqbn"},{"vulnerability":"VCID-4e6m-3qj2-67ag"},{"vulnerability":"VCID-4ufx-41vp-ducg"},{"vulnerability":"VCID-5113-3b42-j3eh"},{"vulnerability":"VCID-5qmw-a84t-dfge"},{"vulnerability":"VCID-8akz-87u4-7uh9"},{"vulnerability":"VCID-8vur-b48u-pqeu"},{"vulnerability":"VCID-9cfq-wdcw-13f8"},{"vulnerability":"VCID-brbn-9szp-2ubx"},{"vulnerability":"VCID-btxp-ywr3-ukgj"},{"vulnerability":"VCID-buyw-5tjv-myem"},{"vulnerability":"VCID-cfca-cgne-4fev"},{"vulnerability":"VCID-d7r9-9h57-5yen"},{"vulnerability":"VCID-fh6h-dyx9-83h1"},{"vulnerability":"VCID-gd71-zeaf-zqbr"},{"vulnerability":"VCID-kxff-fp12-qfcu"},{"vulnerability":"VCID-mzxb-ryz7-xbev"},{"vulnerability":"VCID-nsrm-u4km-qqa1"},{"vulnerability":"VCID-qscu-huud-4fbz"},{"vulnerability":"VCID-styq-7bbp-pbf6"},{"vulnerability":"VCID-usft-rqta-eyhg"},{"vulnerability":"VCID-wv5b-2644-w3gf"},{"vulnerability":"VCID-ya1e-7bph-pqgp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/208549?format=json","purl":"pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-5255","GHSA-mcx4-f5f5-4859"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwk3-xt1d-hke8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie"}