{"url":"http://public2.vulnerablecode.io/api/packages/85118?format=json","purl":"pkg:composer/symfony/yaml@6.4.40","type":"composer","namespace":"symfony","name":"yaml","version":"6.4.40","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.0.22","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341432?format=json","vulnerability_id":"VCID-gd71-zeaf-zqbr","summary":"Symfony hardened the parser when handling untrusted input","references":[{"reference_url":"https://github.com/symfony/symfony/commit/914f427ed9630ddb3904dafba763e53d9f133fe3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/914f427ed9630ddb3904dafba763e53d9f133fe3"},{"reference_url":"https://symfony.com/cve-2026-45133","reference_id":"CVE-2026-45133","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45133"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45133.yaml","reference_id":"CVE-2026-45133.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45133.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45133.yaml","reference_id":"CVE-2026-45133.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45133.yaml"},{"reference_url":"https://github.com/advisories/GHSA-c2p3-7m5p-cv8x","reference_id":"GHSA-c2p3-7m5p-cv8x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2p3-7m5p-cv8x"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-c2p3-7m5p-cv8x","reference_id":"GHSA-c2p3-7m5p-cv8x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-c2p3-7m5p-cv8x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85121?format=json","purl":"pkg:composer/symfony/yaml@5.4.52","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@5.4.52"},{"url":"http://public2.vulnerablecode.io/api/packages/85118?format=json","purl":"pkg:composer/symfony/yaml@6.4.40","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@6.4.40"},{"url":"http://public2.vulnerablecode.io/api/packages/85116?format=json","purl":"pkg:composer/symfony/yaml@7.4.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@7.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/85120?format=json","purl":"pkg:composer/symfony/yaml@8.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@8.0.12"}],"aliases":["CVE-2026-45133","GHSA-c2p3-7m5p-cv8x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gd71-zeaf-zqbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341433?format=json","vulnerability_id":"VCID-kxff-fp12-qfcu","summary":"Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion (\"Billion Laughs\")","references":[{"reference_url":"https://github.com/symfony/symfony/commit/e77391b2e4f18821198f010d573674c8ed4a970a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/e77391b2e4f18821198f010d573674c8ed4a970a"},{"reference_url":"https://symfony.com/cve-2026-45304","reference_id":"CVE-2026-45304","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45304"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45304.yaml","reference_id":"CVE-2026-45304.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45304.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45304.yaml","reference_id":"CVE-2026-45304.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45304.yaml"},{"reference_url":"https://github.com/advisories/GHSA-4qpc-3hr4-r2p4","reference_id":"GHSA-4qpc-3hr4-r2p4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qpc-3hr4-r2p4"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-4qpc-3hr4-r2p4","reference_id":"GHSA-4qpc-3hr4-r2p4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-4qpc-3hr4-r2p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85121?format=json","purl":"pkg:composer/symfony/yaml@5.4.52","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@5.4.52"},{"url":"http://public2.vulnerablecode.io/api/packages/85118?format=json","purl":"pkg:composer/symfony/yaml@6.4.40","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@6.4.40"},{"url":"http://public2.vulnerablecode.io/api/packages/85116?format=json","purl":"pkg:composer/symfony/yaml@7.4.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@7.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/85120?format=json","purl":"pkg:composer/symfony/yaml@8.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@8.0.12"}],"aliases":["CVE-2026-45304","GHSA-4qpc-3hr4-r2p4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxff-fp12-qfcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341434?format=json","vulnerability_id":"VCID-wv5b-2644-w3gf","summary":"Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex","references":[{"reference_url":"https://github.com/symfony/symfony/commit/9749cd43c5e09b3735093623670b21b9d8a056cb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/9749cd43c5e09b3735093623670b21b9d8a056cb"},{"reference_url":"https://symfony.com/cve-2026-45305","reference_id":"CVE-2026-45305","reference_type":"","scores":[],"url":"https://symfony.com/cve-2026-45305"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45305.yaml","reference_id":"CVE-2026-45305.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45305.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45305.yaml","reference_id":"CVE-2026-45305.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45305.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9frc-8383-795m","reference_id":"GHSA-9frc-8383-795m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9frc-8383-795m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-9frc-8383-795m","reference_id":"GHSA-9frc-8383-795m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-9frc-8383-795m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85121?format=json","purl":"pkg:composer/symfony/yaml@5.4.52","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@5.4.52"},{"url":"http://public2.vulnerablecode.io/api/packages/85118?format=json","purl":"pkg:composer/symfony/yaml@6.4.40","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@6.4.40"},{"url":"http://public2.vulnerablecode.io/api/packages/85116?format=json","purl":"pkg:composer/symfony/yaml@7.4.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@7.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/85120?format=json","purl":"pkg:composer/symfony/yaml@8.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@8.0.12"}],"aliases":["CVE-2026-45305","GHSA-9frc-8383-795m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv5b-2644-w3gf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/yaml@6.4.40"}