symfony/mime
Packagist3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting symfony/mimepage 1 of 1
- CVE-2019-18888HIGHCVSS 7.5EG 7.5✓ Fixed in 4.3.82019-11-21
vulnerable: v4.3.0 ... v4.3.7 (8 versions)
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arb…
- CVE-2026-45067HIGHCVSS 0.0EG 0.0✓ Fixed in 8.0.122026-05-27
vulnerable: v8.0.0 ... v8.0.9 (7 versions)
Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address ### Description `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its c…
- CVE-2026-45070MEDIUMCVSS 0.0EG 0.0✓ Fixed in 8.0.122026-05-27
vulnerable: v8.0.0 ... v8.0.9 (7 versions)
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names ### Description `Symfony\Component\Mime\Header\ParameterizedHeader` (and the related parameter handling reachable from `Symfony\Component\Mime\Header\Hea…
Check whether symfony/mime is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for symfony/mime CVEs against the assets you own.
Start Free Scan →