Symfony/security-bundle
This hub aggregates every CVE we track for Symfony/security-bundle, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 0
- High: 1
- In CISA KEV: 0
Severity distribution
MEDIUM: 3, LOW: 1, HIGH: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 5 most recently published vulnerabilities affecting Symfony/security-bundle.
- CVE-2024-50341: Security::login does not take into account custom user_checker in symfony/security-bundle (score: 3.1)
- CVE-2022-24895: Symfony vulnerable to Session Fixation of CSRF tokens (score: 6.3)
- CVE-2021-41268: Cookie persistence in Symfony (score: 6.5)
- CVE-2018-11408: The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulne... (score: 6.1)
- CVE-2018-11406: An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's sessio... (score: 8.8)
Product normalization is registry-driven with AI assist and human review.