✅ Check your installed version
All known vulnerabilities
CRITICAL9.8CVE-2019-10913Invalid HTTP method overrides allow possible XSS or other attacks in Symfony >= 2.7.0, < 2.7.51
HIGH7.5CVE-2014-5244Symfony vulnerable to denial of service via a malicious HTTP Host header >= 2.0.0, < 2.3.19
HIGH7.5CVE-2019-18888Argument injection in a MimeTypeGuesser in Symfony >= 2.0.0, < 2.8.52
HIGH7.3CVE-2025-64500Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass from 0, < 5.4.50
>= 2.7.0, < 2.7.49
MEDIUM6.1CVE-2013-4752Symfony Host Header Injection vulnerability in the HttpFoundation component >= 2.0.0, < 2.0.24
>= 2.7.0, < 2.7.48
MEDIUM5.3CVE-2015-2309Symfony has unsafe methods in the Request class >= 2.0.0, < 2.3.27
MEDIUM5.3CVE-2014-6061Symfony has a security issue when parsing the Authorization header >= 2.0.0, < 2.3.19
LOW3.1CVE-2024-50345Symfony vulnerable to open redirect via browser-sanitized URLs from 0, < 5.4.46
LOW2.6CVE-2020-5255Prevent cache poisoning via a Response Content-Type header in Symfony >= 4.4.0, < 4.4.7
—CVE-2012-6431Symfony Allows URI Restrictions Bypass Via Double-Encoded String >= 2.0.0, < 2.0.19