| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-45071 |
low |
— |
2.5 |
8d ago |
Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true |
|
| CVE-2026-45072 |
low |
— |
2.5 |
8d ago |
Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering |
|
| CVE-2026-45304 |
low |
— |
2.5 |
8d ago |
Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs") |
|
| CVE-2026-45305 |
low |
— |
2.5 |
8d ago |
Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex |
|
| CVE-2026-45133 |
low |
— |
2.5 |
8d ago |
Symfony hardened the parser when handling untrusted input |
|