Package impact
Packagist / symfony/ux-live-component
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-49208 | unknown | — | — | 1d ago | symfony/ux-live-component Format-less date LiveProps parsed with the permissive DateTime constructor | |||
| CVE-2026-49209 | unknown | — | — | 1d ago | symfony/ux-live-component Denial of service via unbounded batch action requests | |||
| CVE-2026-49210 | unknown | — | — | 1d ago | symfony/ux-live-component XSS via attacker-controlled child component tag | |||
| CVE-2026-49212 | unknown | — | — | 1d ago | symfony/ux-live-component LiveComponentHydrator HMAC checksum lacks component and slot binding | |||
| CVE-2026-49215 | unknown | — | — | 1d ago | symfony/ux-live-component CSRF Protection Bypass: Accept Header is CORS-Safelisted |