How should we interpret CVSS severity scores?

CVSS estimates technical severity, but it does not automatically equal business risk. Prioritize using context like internet exposure, asset criticality, known exploitation, and whether compensating controls exist. A Medium CVSS on an exposed production system can be more urgent than a Critical on an isolated non-production host.

Vulnerability Database

Q: What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

Q: What's the difference between a vulnerability, an exploit, and a zero-day?

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. Risk increases sharply when exploitation becomes reliable or widespread.

Q: Why do vulnerabilities keep reappearing in our environment?

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host.

Q: How do we prioritize remediation without burning out the team?

Use a repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress so remediation is steady, not reactive.

Q: How can SynScan help reduce vulnerability risk over time?

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.

325,773

Total vulnerabilities in the database

Vulnerabilities for products matching "symfony"

Found 3 matching products. Filters apply to all results.

You can search for specific versions with /product/symfony/1.2.3

sensiolabs / symfony

61 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-24739	Medium	January 28, 2026 1/28/26	< 5.4.51 >= 6.4.0 < 6.4.33 >= 7.3.0 < 7.3.11 >= 7.4.0 < 7.4.5 >= 8.0.0 < 8.0.5
CVE-2025-64500	High	November 12, 2025 11/12/25	>= 2.0.0 < 5.4.50 >= 6.0.0 < 6.4.29 >= 7.0.0 < 7.3.7
CVE-2024-50345	Low	November 6, 2024 11/6/24	< 5.4.46 >= 6.0.0 < 6.4.14 >= 7.0.0 < 7.1.7
CVE-2024-51736	Info	November 6, 2024 11/6/24	< 5.4.46 >= 6.0.0 < 6.4.14 >= 7.0.0 < 7.1.7
CVE-2023-46735	Medium	November 10, 2023 11/10/23	>= 6.0.0 < 6.3.8
CVE-2023-46734	Medium	November 10, 2023 11/10/23	>= 6.0.0 < 6.3.8 >= 5.0.0 < 5.4.31 >= 2.0.0 < 4.4.51
CVE-2023-46733	Medium	November 10, 2023 11/10/23	>= 5.4.21 < 5.4.31 >= 6.2.7 < 6.3.8
CVE-2022-24895	Medium	February 3, 2023 2/3/23	>= 6.2.0 < 6.2.6 >= 6.1.0 < 6.1.12 >= 6.0.0 < 6.0.20 >= 2.0.0 < 4.4.50 >= 5.0.0 < 5.4.20
CVE-2022-24894	Medium	February 3, 2023 2/3/23	>= 6.2.0 < 6.2.6 >= 6.1.0 < 6.1.12 >= 6.0.0 < 6.0.20 >= 2.0.0 < 4.4.50 >= 5.0.0 < 5.4.2
CVE-2022-23601	High	February 1, 2022 2/1/22	>= 6.0.0 < 6.0.4 >= 5.4.0 < 5.4.4 < 5.3.15
CVE-2021-41267	Medium	November 24, 2021 11/24/21	>= 5.2.0 < 5.3.12
CVE-2021-41268	Medium	November 24, 2021 11/24/21	>= 5.3.0 < 5.3.12
CVE-2021-41270	Medium	November 24, 2021 11/24/21	>= 5.0.0 < 5.3.12 >= 4.1.0 < 4.4.35
CVE-2021-32693	Medium	June 17, 2021 6/17/21	>= 5.3.0 < 5.3.2
CVE-2021-21424	Medium	May 13, 2021 5/13/21	>= 4.0.0 < 4.4.23 >= 2.8.0 < 3.4.48 >= 5.0.0 < 5.2.8
CVE-2020-15094	High	September 2, 2020 9/2/20	>= 4.4.0 < 4.4.13 >= 5.1.0 < 5.1.5
CVE-2020-5255	Low	March 30, 2020 3/30/20	>= 5.0.0 < 5.0.7 >= 4.4.0 < 4.4.7
CVE-2020-5274	Low	March 30, 2020 3/30/20	>= 4.4.0 < 4.4.4 >= 5.0.0 < 5.0.4
CVE-2020-5275	High	March 30, 2020 3/30/20	>= 5.0.0 < 5.0.7 >= 4.4.0 < 4.4.7
CVE-2013-4752	Medium	January 2, 2020 1/2/20	>= 2.3.0 < 2.3.3 >= 2.2.0 < 2.2.5 >= 2.1.0 < 2.1.12 >= 2.0.0 < 2.0.24
CVE-2019-11325	Critical	November 21, 2019 11/21/19	>= 4.3.0 < 4.3.8 >= 4.2.0 < 4.2.12
CVE-2019-18887	High	November 21, 2019 11/21/19	>= 3.4.0 <= 3.4.34 >= 4.2.0 <= 4.2.11 >= 4.3.0 <= 4.3.7 >= 2.8.0 <= 2.8.50
CVE-2019-18888	High	November 21, 2019 11/21/19	>= 3.4.0 <= 3.4.34 >= 4.2.0 <= 4.2.11 >= 4.3.0 <= 4.3.7 >= 2.8.0 <= 2.8.50
CVE-2019-18889	Critical	November 21, 2019 11/21/19	>= 3.4.0 <= 3.4.34 >= 4.2.0 <= 4.2.11 >= 4.3.0 <= 4.3.7
CVE-2019-18886	Medium	November 21, 2019 11/21/19	>= 4.2.0 <= 4.2.11 >= 4.3.0 <= 4.3.7
CVE-2013-4751	High	November 1, 2019 11/1/19	>= 2.3.0 < 2.3.3 >= 2.2.0 < 2.2.5 >= 2.1.0 < 2.1.12 >= 2.0.0 < 2.0.24
CVE-2017-11365	High	May 23, 2019 5/23/19	== 2.7.30 == 2.8.23 == 3.2.10 == 3.3.3
CVE-2019-10909	Medium	May 16, 2019 5/16/19	>= 4.2.0 < 4.2.7 >= 4.1.0 < 4.1.12 >= 3.4.0 < 3.4.26 >= 2.8.0 < 2.8.50 >= 2.7.0 < 2.7.51
CVE-2019-10910	Critical	May 16, 2019 5/16/19	>= 4.2.0 < 4.2.7 >= 4.1.0 < 4.1.12 >= 3.4.0 < 3.4.26 >= 2.8.0 < 2.8.50 >= 2.7.0 < 2.7.51
CVE-2019-10911	High	May 16, 2019 5/16/19	>= 4.2.0 < 4.2.7 >= 4.1.0 < 4.1.12 >= 3.4.0 < 3.4.26 >= 2.8.0 < 2.8.50 >= 2.7.0 < 2.7.51
CVE-2019-10912	Medium	May 16, 2019 5/16/19	>= 4.2.0 < 4.2.7 >= 4.1.0 < 4.1.12 >= 3.4.0 < 3.4.26 >= 2.8.0 < 2.8.50
CVE-2019-10913	High	May 16, 2019 5/16/19	>= 4.2.0 < 4.2.7 >= 4.1.0 < 4.1.12 >= 3.4.0 < 3.4.26 >= 2.8.0 < 2.8.50 >= 2.7.0 < 2.7.51
CVE-2018-19790	Medium	December 18, 2018 12/18/18	>= 4.2.0 < 4.2.1 >= 4.1.0 < 4.1.9 >= 4.0.0 < 4.0.15 >= 3.0.0 < 3.4.20 >= 2.8.0 < 2.8.49 >= 2.7.0 < 2.7.50
CVE-2018-19789	Medium	December 18, 2018 12/18/18	>= 4.2.0 < 4.2.1 >= 4.1.0 < 4.1.9 >= 4.0.0 < 4.0.15 >= 3.0.0 < 3.4.20 >= 2.8.0 < 2.8.49 >= 2.7.0 < 2.7.50
CVE-2017-16653	Low	August 6, 2018 8/6/18	>= 2.7.0 <= 2.7.37 >= 3.2.0 <= 3.2.13 >= 3.3.0 <= 3.3.12 >= 3.8.0 <= 3.8.30
CVE-2017-16654	Medium	August 6, 2018 8/6/18	>= 2.7.0 <= 2.7.37 >= 3.2.0 <= 3.2.13 >= 3.3.0 <= 3.3.12 >= 3.8.0 <= 3.8.30
CVE-2017-16790	Low	August 6, 2018 8/6/18	>= 2.7.0 <= 2.7.37 >= 2.8.0 <= 2.8.30 >= 3.2.0 <= 3.2.13 >= 3.3.0 <= 3.3.12
CVE-2018-14773	Medium	August 3, 2018 8/3/18	>= 2.7.0.x <= 2.7.48 >= 2.8.0 <= 2.8.43 >= 3.3.0 <= 3.3.17 >= 3.4.0 <= 3.4.13 >= 4.0.0 <= 4.0.13 >= 4.1.0 <= 4.1.2
CVE-2018-14774	Medium	August 3, 2018 8/3/18	>= 2.8.0 <= 2.8.43 >= 3.3.0 <= 3.3.17 >= 3.4.0 <= 3.4.13 >= 4.0.0 <= 4.0.13 >= 4.1.0 <= 4.1.2 >= 2.7.0 <= 2.7.48
CVE-2017-18343	Low	July 20, 2018 7/20/18	< 2.7.33 >= 2.8.0 < 2.8.26 >= 3.0.0 < 3.2.13 >= 3.3.0 < 3.3.6
CVE-2018-12040	Low	June 13, 2018 6/13/18	== 3.3.6
CVE-2018-11407	High	June 13, 2018 6/13/18	>= 3.3.0 < 3.3.17 >= 2.8.0 < 2.8.37 >= 3.4.0 < 3.4.7 >= 4.0.0 < 4.0.7
CVE-2018-11408	Medium	June 13, 2018 6/13/18	>= 2.7.0 < 2.7.48 >= 2.8.0 < 2.8.41 >= 3.3.0 < 3.3.17 >= 3.4.0 < 3.4.11 >= 4.0.0 < 4.0.11
CVE-2017-16652	Medium	June 13, 2018 6/13/18	>= 2.7.0.x < 2.7.38 >= 2.8.0.x < 2.8.31 >= 3.2.0.x < 3.2.14 >= 3.3.0 < 3.3.13
CVE-2018-11385	Medium	June 13, 2018 6/13/18	>= 2.7.0 < 2.7.48 >= 2.8.0 < 2.8.41 >= 3.3.0 < 3.3.17 >= 3.4.0 < 3.4.11 >= 4.0.0 < 4.0.11
CVE-2018-11386	Low	June 13, 2018 6/13/18	>= 2.7.0 < 2.7.48 >= 2.8.0 < 2.8.41 >= 3.3.0 < 3.3.17 >= 3.4.0 < 3.4.11 >= 4.0.0 < 4.0.11
CVE-2018-11406	Medium	June 13, 2018 6/13/18	>= 2.7.0 < 2.7.48 >= 2.8.0 < 2.8.41 >= 3.3.0 < 3.3.17 >= 3.4.0 < 3.4.11 >= 4.0.0 < 4.0.11
CVE-2016-2403	High	February 7, 2017 2/7/17	== 3.0.5 == 3.0.2 == 2.8.0 == 2.8.4 == 2.8.3 == 3.0.1 == 2.8.1 == 3.0.0 == 2.8.5 == 3.0.3 == 3.0.4 == 2.8.2
CVE-2016-4423	Medium	June 1, 2016 6/1/16	== 2.7.5 == 3.0.5 == 2.7.4 == 2.7.7 == 3.0.2 == 2.7.1 == 2.7.8 == 2.8.0 == 2.8.4 == 2.7.10 == 2.8.3 == 3.0.1 == 2.7.0 == 2.7.3 == 2.8.1 == 3.0.0 == 2.7.2 == 2.8.5 == 3.0.3 == 2.7.11 == 3.0.4 == 2.7.6 <= 2.3.40 == 2.8.2 == 2.7.12 == 2.7.9
CVE-2016-1902	Medium	June 1, 2016 6/1/16	== 2.7.5 == 2.7.4 == 2.7.7 == 2.7.1 == 2.6.1 == 2.7.8 == 2.6.5 == 2.6.11 == 2.6.3 == 2.6.8 == 2.6.10 == 2.7.0 == 2.7.3 == 2.6.4 == 2.6.6 == 2.6.7 == 2.7.2 == 2.6.0 == 2.7.6 <= 2.3.36 == 2.6.9 == 2.6.2 == 2.6.12

symfony / symfony

30 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-24739	Medium	January 28, 2026 1/28/26	< 5.4.51 >= 6.4 < 6.4.33 >= 7.3 < 7.3.11 >= 7.4 < 7.4.5 >= 8.0 < 8.0.5
CVE-2025-64500	High	November 12, 2025 11/12/25	>= 2.0.0 < 5.4.50 >= 6.0.0 < 6.4.29 >= 7.0.0 < 7.3.7
CVE-2014-6072	High	May 30, 2024 5/30/24	>= 2.0.0 < 2.3.19 >= 2.4.0 < 2.4.9 >= 2.5.0 < 2.5.4
Symfony2 improper IP based access control	Medium	May 30, 2024 5/30/24	>= 2.0.0 < 2.0.19 >= 2.1.0 < 2.1.4
Symfony XML Entity Expansion security vulnerability	High	May 30, 2024 5/30/24	>= 2.0.0 < 2.0.17
Symfony XML decoding attack vector through external entities	Critical	May 30, 2024 5/30/24	>= 2.0.0 < 2.0.11
Symfony may allow a user to switch to using another user's identity	Medium	May 30, 2024 5/30/24	>= 2.0.0 < 2.0.6
CVE-2014-5245	High	May 30, 2024 5/30/24	>= 2.0.0 < 2.3.19 >= 2.4.0 < 2.4.9 >= 2.5.0 < 2.5.4
CVE-2015-2309	Medium	May 30, 2024 5/30/24	>= 2.0.0 < 2.3.27 >= 2.4.0 < 2.5.11 >= 2.6.0 < 2.6.6
CVE-2014-6061	Medium	May 30, 2024 5/30/24	>= 2.0.0 < 2.3.19 >= 2.4.0 < 2.4.9 >= 2.5.0 < 2.5.4
CVE-2014-5244	High	May 30, 2024 5/30/24	>= 2.0.0 < 2.3.19 >= 2.4.0 < 2.4.9 >= 2.5.0 < 2.5.4
Symfony2 security issue when the trust proxy mode is enabled	Medium	May 30, 2024 5/30/24	>= 2.0.0 < 2.0.19 >= 2.1.0 < 2.1.4
CVE-2014-4931	High	May 30, 2024 5/30/24	>= 2.0.0 < 2.3.19 >= 2.4.0 < 2.4.9 >= 2.5.0 < 2.5.4
CVE-2023-46735	Medium	November 10, 2023 11/10/23	>= 6.3.0 < 6.3.8
CVE-2023-46733	Medium	November 10, 2023 11/10/23	>= 5.4.21 < 5.4.31 >= 6.2.7 < 6.3.8
CVE-2023-46734	Medium	November 10, 2023 11/10/23	>= 2.0.0 < 4.4.51 >= 5.0.0 < 5.4.31 >= 6.0.0 < 6.3.8
CVE-2022-24895	Medium	February 3, 2023 2/3/23	>= 2.0.0 < 4.4.50 >= 5.0.0 < 5.4.20 >= 6.0.0 < 6.0.20 >= 6.1.0 < 6.1.12 >= 6.2.0 < 6.2.6
CVE-2022-24894	Medium	February 3, 2023 2/3/23	>= 2.0.0 < 4.4.50 >= 5.0.0 < 5.4.20 >= 6.0.0 < 6.0.20 >= 6.1.0 < 6.1.12 >= 6.2.0 < 6.2.6
User enumeration in authentication mechanisms	Low	May 17, 2021 5/17/21	>= 5.1.0 < 5.2.8
CVE-2020-15094	High	September 2, 2020 9/2/20	>= 4.3.0 < 4.4.13 >= 5.0.0 < 5.1.5
CVE-2019-18889	Critical	November 21, 2019 11/21/19	>= 3.1.0 < 3.4.35 >= 4.0.0 < 4.2.12 >= 4.3.0 < 4.3.8
CVE-2019-18888	High	November 21, 2019 11/21/19	>= 2.0.0 < 2.8.52 >= 3.0.0 < 3.4.35 >= 4.0.0 < 4.2.12 >= 4.3.0 < 4.3.8
CVE-2019-11325	Critical	November 21, 2019 11/21/19	>= 4.2.0 < 4.2.12 >= 4.3.0 < 4.3.8
CVE-2019-18887	High	November 21, 2019 11/21/19	>= 2.2.0 < 2.8.52 >= 3.0.0 < 3.4.35 >= 4.0.0 < 4.2.12 >= 4.3.0 < 4.3.8
CVE-2019-18886	Medium	November 21, 2019 11/21/19	>= 4.1.0 < 4.2.12 >= 4.3.0 < 4.3.8
CVE-2019-10909	Medium	May 16, 2019 5/16/19	>= 2.7.0 < 2.7.51 >= 2.8.0 < 2.8.50 >= 3.0.0 < 3.4.26 >= 4.0.0 < 4.1.12 >= 4.2.0 < 4.2.7
CVE-2019-10910	Critical	May 16, 2019 5/16/19	>= 2.7.0 < 2.7.51 >= 2.8.0 < 2.8.50 >= 3.0.0 < 3.4.26 >= 4.0.0 < 4.1.12 >= 4.2.0 < 4.2.7
CVE-2019-10913	High	May 16, 2019 5/16/19	>= 2.7.0 < 2.7.51 >= 2.8.0 < 2.8.50 >= 3.0.0 < 3.4.26 >= 4.0.0 < 4.1.12 >= 4.2.0 < 4.2.7
CVE-2019-10911	High	May 16, 2019 5/16/19	>= 2.7.0 < 2.7.51 >= 2.8.0 < 2.8.50 >= 3.0.0 < 3.4.26 >= 4.0.0 < 4.1.12 >= 4.2.0 < 4.2.7
CVE-2019-10912	Medium	May 16, 2019 5/16/19	>= 2.8.0 < 2.8.50 >= 3.0.0 < 3.4.26 >= 4.0.0 < 4.1.12 >= 4.2.0 < 4.2.7

auth0 / symfony

3 vulnerabilities found

Title	Severity	Date	Affected Version
Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import	Low	October 1, 2025 10/1/25	>= 2.0.2 < 5.5.0
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability	Critical	June 6, 2025 6/6/25	>= 5.0.0-BETA0 < 5.1.0
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions	Critical	May 17, 2025 5/17/25	< 5.4.0

Showing vulnerabilities for 3 products matching "symfony". Each product has independent pagination.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo

Frequently Asked Questions

What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.