GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS Low
CVE-2026-45756 was published for symfony/json-path (Composer) May 28, 2026
Credited to alexandre-daubois and unknownhad
Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection Moderate
CVE-2026-45755 was published for symfony/mailtrap-mailer (Composer) May 28, 2026
Credited to alexandre-daubois and unknownhad
Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection Moderate
CVE-2026-45754 was published for symfony/lox24-notifier (Composer) May 28, 2026
Credited to alexandre-daubois, nicolas-grekas, and unknownhad
Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] Moderate
CVE-2026-45075 was published for symfony/http-kernel (Composer) May 27, 2026
Credited to alexandre-daubois
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names Moderate
CVE-2026-45070 was published for symfony/mime (Composer) May 27, 2026
Credited to alexandre-daubois
Symfony has an incorrect response from Validator when input ends with `\n` Low
CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024
Credited to offscriptian and alexandre-daubois