Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient Low
CVE-2024-50342 was published for symfony/http-client (Composer) Nov 6, 2024
nicolas-grekas zozs
cs278
Symfony vulnerable to open redirect via browser-sanitized URLs Low
CVE-2024-50345 was published for symfony/http-foundation (Composer) Nov 6, 2024
nicolas-grekas zer0yu
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje nicolas-grekas
G-Rath
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas
Symfony potential Cross-site Scripting in WebhookController Moderate
CVE-2023-46735 was published for symfony/symfony (Composer) Nov 12, 2023
maxime-aknin nicolas-grekas
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Moderate
CVE-2023-46734 was published for symfony/symfony (Composer) Nov 12, 2023
Rudloff nicolas-grekas
Symfony vulnerable to Session Fixation of CSRF tokens Moderate
CVE-2022-24895 was published for symfony/security-bundle (Composer) Feb 1, 2023
nicolas-grekas lavish
Symfony storing cookie headers in HttpCache Moderate
CVE-2022-24894 was published for symfony/http-kernel (Composer) Feb 1, 2023
nicolas-grekas shyim
ProTip! Advisories are also available from the GraphQL API