GHSA-c2p3-7m5p-cv8x

Source
https://github.com/advisories/GHSA-c2p3-7m5p-cv8x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-c2p3-7m5p-cv8x/GHSA-c2p3-7m5p-cv8x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c2p3-7m5p-cv8x
Aliases
  • CVE-2026-45133
Published
2026-05-27T21:33:07Z
Modified
2026-05-27T21:45:20.337516549Z
Severity
  • 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
Summary
Symfony hardened the parser when handling untrusted input
Details

Description

Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse(). When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level (Parser::parseBlock()) and inline (Inline::parseSequence() / Inline::parseMapping()) parsers to recurse without a depth limit. A crafted document exhausts the PHP stack and crashes the worker.

Resolution

The Parser now tracks recursion depth in a shared ParserState object across both block-level and inline parsing, with a default limit of 128. The limit is configurable via a new $maxNestingLevel argument on Parser::__construct(), Yaml::parse() and Yaml::parseFile().

The patch for this issue is available here for branch 5.4.
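
The depth-tracking approach described in the Resolution, shown on a toy flow-style parser (sequences and mappings only). This is an added example, not Symfony's code: DepthState, parseValue and parseCollection are hypothetical names, and only the default limit of 128 is taken from the advisory. It needs PHP 8.0 or later.

```php
<?php
final class DepthState // hypothetical stand-in, not Symfony's ParserState
{
    private int $depth = 0;
    public function __construct(private int $max = 128) {}
    public function enter(): void
    {
        if (++$this->depth > $this->max) {
            throw new RuntimeException("nesting exceeds {$this->max} levels");
        }
    }
    public function leave(): void { --$this->depth; }
}

function parseValue(string $s, int &$i, DepthState $st): mixed
{
    $i += strspn($s, ' ', $i);
    if (($s[$i] ?? '') === '[') { return parseCollection($s, $i, $st, ']'); }
    if (($s[$i] ?? '') === '{') { return parseCollection($s, $i, $st, '}'); }
    // Bare scalar: runs to the next delimiter; an empty run means malformed input.
    $n = strcspn($s, ',]}', $i) ?: throw new RuntimeException("unexpected input at offset $i");
    $i += $n;
    return trim(substr($s, $i - $n, $n));
}

function parseCollection(string $s, int &$i, DepthState $st, string $close): array
{
    $st->enter();                     // sequences and mappings share the same counter
    $out = [];
    for (++$i; ; ) {                  // ++$i consumes the opening bracket
        $i += strspn($s, ' ,', $i);
        if ($i >= strlen($s)) { throw new RuntimeException('unterminated collection'); }
        if ($s[$i] === $close) { ++$i; break; }
        if ($close === ']') { $out[] = parseValue($s, $i, $st); continue; }
        $n = strcspn($s, ':,]}', $i); // mapping entry: key, ':', value
        if (($s[$i + $n] ?? '') !== ':') { throw new RuntimeException('expected ":"'); }
        $key = trim(substr($s, $i, $n));
        $i += $n + 1;
        $out[$key] = parseValue($s, $i, $st);
    }
    $st->leave();
    return $out;
}

// Constructed input: $d sequence/mapping pairs, so 64 pairs = 128 levels, 65 pairs = 130.
$doc = fn (int $d) => str_repeat('[{k: ', $d) . 'x' . str_repeat('}]', $d);
foreach ([64, 65] as $d) {
    $i = 0;
    try { parseValue($doc($d), $i, new DepthState()); echo "$d pairs: parsed\n"; }
    catch (RuntimeException $e) { echo "$d pairs: {$e->getMessage()}\n"; }
}
```

Because the counter lives in one object passed through every recursive call, alternating between collection kinds cannot reset it, and the failure is a catchable exception rather than stack exhaustion in the worker.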

Credits

Symfony would like to thank Pietro Tirenna (Shielder) for reporting the issue and Nicolas Grekas for fixing it.

Database specific
{
    "cwe_ids": [
        "CWE-1333",
        "CWE-674",
        "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-27T21:33:07Z",
    "nvd_published_at": null,
    "severity": "LOW"
}

Affected packages

Packagist
symfony/yaml

Package

Name
symfony/yaml
Purl
pkg:composer/symfony%2Fyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
5.4.52

Affected versions

2.*
2.0.4
2.0.5
2.0.6
2.0.7
v2.*
v2.0.9
v2.0.10
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.25
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.2.10
v2.2.11
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.15
v2.3.16
v2.3.17
v2.3.18
v2.3.19
v2.3.20
v2.3.21
v2.3.22
v2.3.23
v2.3.24
v2.3.25
v2.3.26
v2.3.27
v2.3.28
v2.3.29
v2.3.30
v2.3.31
v2.3.32
v2.3.33
v2.3.34
v2.3.35
v2.3.36
v2.3.37
v2.3.38
v2.3.39
v2.3.40
v2.3.41
v2.3.42
v2.4.0-BETA1
v2.4.0-BETA2
v2.4.0-RC1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.5.0-BETA1
v2.5.0-BETA2
v2.5.0-RC1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.5.10
v2.5.11
v2.5.12
v2.6.0-BETA1
v2.6.0-BETA2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.6.10
v2.6.11
v2.6.12
v2.6.13
v2.7.0-BETA1
v2.7.0-BETA2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.50
v2.7.51
v2.8.0-BETA1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.50
v2.8.52
v3.*
v3.0.0-BETA1
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0-BETA1
v3.1.0-RC1
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.1.10
v3.2.0-BETA1
v3.2.0-RC1
v3.2.0-RC2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.3.0-BETA1
v3.3.0-RC1
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.17
v3.3.18
v3.4.0-BETA1
v3.4.0-BETA2
v3.4.0-BETA3
v3.4.0-BETA4
v3.4.0-RC1
v3.4.0-RC2
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.26
v3.4.27
v3.4.28
v3.4.29
v3.4.30
v3.4.31
v3.4.32
v3.4.33
v3.4.34
v3.4.35
v3.4.36
v3.4.37
v3.4.38
v3.4.39
v3.4.40
v3.4.41
v3.4.42
v3.4.43
v3.4.44
v3.4.45
v3.4.46
v3.4.47
v4.*
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.11
v4.1.12
v4.2.0-BETA1
v4.2.0-BETA2
v4.2.0-RC1
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.2.10
v4.2.11
v4.2.12
v4.3.0-BETA1
v4.3.0-BETA2
v4.3.0-RC1
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.3.10
v4.3.11
v4.4.0-BETA1
v4.4.0-BETA2
v4.4.0-RC1
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.4.10
v4.4.11
v4.4.12
v4.4.13
v4.4.14
v4.4.15
v4.4.16
v4.4.17
v4.4.18
v4.4.19
v4.4.20
v4.4.21
v4.4.22
v4.4.24
v4.4.25
v4.4.26
v4.4.27
v4.4.29
v4.4.34
v4.4.36
v4.4.37
v4.4.43
v4.4.44
v4.4.45
v5.*
v5.0.0-BETA1
v5.0.0-BETA2
v5.0.0-RC1
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.0.10
v5.0.11
v5.1.0-BETA1
v5.1.0-RC1
v5.1.0-RC2
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.1.9
v5.1.10
v5.1.11
v5.2.0-BETA1
v5.2.0-BETA2
v5.2.0-BETA3
v5.2.0-RC1
v5.2.0-RC2
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.7
v5.2.9
v5.2.10
v5.2.11
v5.2.12
v5.2.14
v5.3.0-BETA1
v5.3.0-BETA2
v5.3.0-RC1
v5.3.0
v5.3.2
v5.3.3
v5.3.4
v5.3.6
v5.3.11
v5.3.13
v5.3.14
v5.4.0-BETA1
v5.4.0-BETA2
v5.4.0-RC1
v5.4.0
v5.4.2
v5.4.3
v5.4.10
v5.4.11
v5.4.12
v5.4.14
v5.4.16
v5.4.17
v5.4.19
v5.4.21
v5.4.23
v5.4.30
v5.4.31
v5.4.35
v5.4.39
v5.4.40
v5.4.43
v5.4.44
v5.4.45

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-c2p3-7m5p-cv8x/GHSA-c2p3-7m5p-cv8x.json"
symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony%2Fsymfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
5.4.52

Affected versions

2.*
2.0.4
2.0.5
2.0.6
2.0.7
v2.*
v2.0.9
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.25
v2.1.0-BETA1
v2.1.0-BETA2
v2.1.0-BETA3
v2.1.0-BETA4
v2.1.0-RC1
v2.1.0-RC2
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.2.0-BETA1
v2.2.0-BETA2
v2.2.0-RC1
v2.2.0-RC2
v2.2.0-RC3
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.2.10
v2.2.11
v2.3.0-BETA1
v2.3.0-BETA2
v2.3.0-RC1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.15
v2.3.16
v2.3.17
v2.3.18
v2.3.19
v2.3.20
v2.3.21
v2.3.22
v2.3.23
v2.3.24
v2.3.25
v2.3.26
v2.3.27
v2.3.28
v2.3.29
v2.3.30
v2.3.31
v2.3.32
v2.3.33
v2.3.34
v2.3.35
v2.3.36
v2.3.37
v2.3.38
v2.3.39
v2.3.40
v2.3.41
v2.3.42
v2.4.0-BETA1
v2.4.0-BETA2
v2.4.0-RC1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.5.0-BETA1
v2.5.0-BETA2
v2.5.0-RC1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.5.10
v2.5.11
v2.5.12
v2.6.0-BETA1
v2.6.0-BETA2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.6.10
v2.6.11
v2.6.12
v2.6.13
v2.7.0-BETA1
v2.7.0-BETA2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.50
v2.7.51
v2.7.52
v2.8.0-BETA1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.50
v2.8.51
v2.8.52
v3.*
v3.0.0-BETA1
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0-BETA1
v3.1.0-RC1
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.1.10
v3.2.0-BETA1
v3.2.0-RC1
v3.2.0-RC2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.3.0-BETA1
v3.3.0-RC1
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.17
v3.3.18
v3.4.0-BETA1
v3.4.0-BETA2
v3.4.0-BETA3
v3.4.0-BETA4
v3.4.0-RC1
v3.4.0-RC2
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.26
v3.4.27
v3.4.28
v3.4.29
v3.4.30
v3.4.31
v3.4.32
v3.4.33
v3.4.34
v3.4.35
v3.4.36
v3.4.37
v3.4.38
v3.4.39
v3.4.40
v3.4.41
v3.4.42
v3.4.43
v3.4.44
v3.4.45
v3.4.46
v3.4.47
v3.4.48
v3.4.49
v4.*
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.2.0-BETA1
v4.2.0-BETA2
v4.2.0-RC1
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.2.10
v4.2.11
v4.2.12
v4.3.0-BETA1
v4.3.0-BETA2
v4.3.0-RC1
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.3.10
v4.3.11
v4.4.0-BETA1
v4.4.0-BETA2
v4.4.0-RC1
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.4.10
v4.4.11
v4.4.12
v4.4.13
v4.4.14
v4.4.15
v4.4.16
v4.4.17
v4.4.18
v4.4.19
v4.4.20
v4.4.21
v4.4.22
v4.4.23
v4.4.24
v4.4.25
v4.4.26
v4.4.27
v4.4.28
v4.4.29
v4.4.30
v4.4.31
v4.4.32
v4.4.33
v4.4.34
v4.4.35
v4.4.36
v4.4.37
v4.4.38
v4.4.39
v4.4.40
v4.4.41
v4.4.42
v4.4.43
v4.4.44
v4.4.45
v4.4.46
v4.4.47
v4.4.48
v4.4.49
v4.4.50
v4.4.51
v5.*
v5.0.0-BETA1
v5.0.0-BETA2
v5.0.0-RC1
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.0.10
v5.0.11
v5.1.0-BETA1
v5.1.0-RC1
v5.1.0-RC2
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.1.9
v5.1.10
v5.1.11
v5.2.0-BETA1
v5.2.0-BETA2
v5.2.0-BETA3
v5.2.0-RC1
v5.2.0-RC2
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.3.0-BETA1
v5.3.0-BETA2
v5.3.0-BETA3
v5.3.0-BETA4
v5.3.0-RC1
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.3.10
v5.3.11
v5.3.12
v5.3.13
v5.3.14
v5.3.15
v5.3.16
v5.4.0-BETA1
v5.4.0-BETA2
v5.4.0-BETA3
v5.4.0-RC1
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.4.8
v5.4.9
v5.4.10
v5.4.11
v5.4.12
v5.4.13
v5.4.14
v5.4.15
v5.4.16
v5.4.17
v5.4.18
v5.4.19
v5.4.20
v5.4.21
v5.4.22
v5.4.23
v5.4.24
v5.4.25
v5.4.26
v5.4.27
v5.4.28
v5.4.29
v5.4.30
v5.4.31
v5.4.32
v5.4.33
v5.4.34
v5.4.35
v5.4.36
v5.4.37
v5.4.38
v5.4.39
v5.4.40
v5.4.41
v5.4.42
v5.4.43
v5.4.44
v5.4.45
v5.4.46
v5.4.47
v5.4.48
v5.4.49
v5.4.50
v5.4.51

symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony%2Fsymfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.4.40

Affected versions

v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.17
v6.0.18
v6.0.19
v6.0.20
v6.1.0-BETA1
v6.1.0-BETA2
v6.1.0-RC1
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.1.10
v6.1.11
v6.1.12
v6.2.0-BETA1
v6.2.0-BETA2
v6.2.0-BETA3
v6.2.0-RC1
v6.2.0-RC2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.3.0-BETA1
v6.3.0-BETA2
v6.3.0-BETA3
v6.3.0-RC1
v6.3.0-RC2
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.3.7
v6.3.8
v6.3.9
v6.3.10
v6.3.11
v6.3.12
v6.4.0-BETA1
v6.4.0-BETA2
v6.4.0-BETA3
v6.4.0-RC1
v6.4.0-RC2
v6.4.0
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.4.10
v6.4.11
v6.4.12
v6.4.13
v6.4.14
v6.4.15
v6.4.16
v6.4.17
v6.4.18
v6.4.19
v6.4.20
v6.4.21
v6.4.22
v6.4.23
v6.4.24
v6.4.25
v6.4.26
v6.4.27
v6.4.28
v6.4.29
v6.4.30
v6.4.31
v6.4.32
v6.4.33
v6.4.34
v6.4.35
v6.4.36
v6.4.37
v6.4.38
v6.4.39

symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony%2Fsymfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.4.12

Affected versions

v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.0.10
v7.1.0-BETA1
v7.1.0-RC1
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v7.1.9
v7.1.10
v7.1.11
v7.2.0-BETA1
v7.2.0-BETA2
v7.2.0-RC1
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.2.5
v7.2.6
v7.2.7
v7.2.8
v7.2.9
v7.3.0-BETA1
v7.3.0-BETA2
v7.3.0-RC1
v7.3.0
v7.3.1
v7.3.2
v7.3.3
v7.3.4
v7.3.5
v7.3.6
v7.3.7
v7.3.8
v7.3.9
v7.3.10
v7.3.11
v7.4.0-BETA1
v7.4.0-BETA2
v7.4.0-RC1
v7.4.0-RC2
v7.4.0-RC3
v7.4.0
v7.4.1
v7.4.2
v7.4.3
v7.4.4
v7.4.5
v7.4.6
v7.4.7
v7.4.8
v7.4.9
v7.4.10
v7.4.11

symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony%2Fsymfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.0.12

Affected versions

v8.*
v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9
v8.0.10
v8.0.11

symfony/yaml

Package

Name
symfony/yaml
Purl
pkg:composer/symfony%2Fyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.4.40

Affected versions

v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.10
v6.0.11
v6.0.12
v6.0.14
v6.0.16
v6.0.17
v6.0.19
v6.1.0-BETA1
v6.1.0-BETA2
v6.1.0-RC1
v6.1.0
v6.1.2
v6.1.3
v6.1.4
v6.1.6
v6.1.8
v6.1.9
v6.1.11
v6.2.0-BETA1
v6.2.0-BETA3
v6.2.0-RC1
v6.2.0-RC2
v6.2.0
v6.2.2
v6.2.5
v6.2.7
v6.2.10
v6.3.0-BETA1
v6.3.0-RC1
v6.3.0
v6.3.3
v6.3.7
v6.3.8
v6.3.12
v6.4.0-BETA1
v6.4.0-BETA2
v6.4.0-BETA3
v6.4.0-RC1
v6.4.0
v6.4.3
v6.4.7
v6.4.8
v6.4.11
v6.4.12
v6.4.13
v6.4.18
v6.4.20
v6.4.21
v6.4.23
v6.4.24
v6.4.25
v6.4.26
v6.4.30
v6.4.34
v6.4.38
v6.4.39

symfony/yaml

Package

Name
symfony/yaml
Purl
pkg:composer/symfony%2Fyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.4.12

Affected versions

v7.*
v7.0.0
v7.0.3
v7.0.7
v7.0.8
v7.1.0-BETA1
v7.1.0-RC1
v7.1.0
v7.1.1
v7.1.4
v7.1.5
v7.1.6
v7.1.11
v7.2.0-BETA1
v7.2.0-RC1
v7.2.0
v7.2.3
v7.2.5
v7.2.6
v7.2.8
v7.2.9
v7.3.0-BETA1
v7.3.0-RC1
v7.3.0
v7.3.1
v7.3.2
v7.3.3
v7.3.5
v7.3.8
v7.4.0-BETA1
v7.4.0-RC1
v7.4.0-RC2
v7.4.0
v7.4.1
v7.4.6
v7.4.8
v7.4.10
v7.4.11

symfony/yaml

Package

Name
symfony/yaml
Purl
pkg:composer/symfony%2Fyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.0.12

Affected versions

v8.*
v8.0.0
v8.0.1
v8.0.6
v8.0.8
v8.0.10
v8.0.11
