pkg:Packagist/symfony/routing
3 total CVEs
✅ Check your installed version
All known vulnerabilities
—CVE-2026-48784Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization from 0, < 5.4.53
—CVE-2026-45065Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection from 0, < 5.4.52
—CVE-2012-6431Symfony Allows URI Restrictions Bypass Via Double-Encoded String >= 2.0.0, < 2.0.19