VIR Vulnerability Intelligence Relay

Package impact

php Packagist / symfony/symfony

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2016-2403 critical 9.8 9.8 9y ago Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. debianphp
CVE-2026-45071 low 2.5 8d ago Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true debianphp
CVE-2026-45072 low 2.5 8d ago Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering debianphp
CVE-2026-45133 low 2.5 8d ago Symfony hardened the parser when handling untrusted input debianphp
CVE-2026-45304 low 2.5 8d ago Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs") debianphp
CVE-2026-45305 low 2.5 8d ago Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex debianphp