symfony/yaml
Packagist5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting symfony/yamlpage 1 of 1
- CVE-2013-1348NONECVSS 0.0EG 0.0✓ Fixed in 2.0.222014-06-02
vulnerable: 2.0.4 ... v2.0.9 (16 versions)
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
- CVE-2013-1397NONECVSS 0.0EG 0.0✓ Fixed in 2.2.0-BETA22014-06-02
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
- CVE-2026-45133LOWCVSS 0.0EG 0.0✓ Fixed in 8.0.122026-05-27
vulnerable: v8.0.0 ... v8.0.8 (6 versions)
Symfony hardened the parser when handling untrusted input ### Description `Symfony\Component\Yaml\Parser` is the entry point for parsing YAML strings into PHP values via `Yaml::parse()`. When the parser is exposed to attacker-controlled …
- CVE-2026-45304LOWCVSS 0.0EG 0.0✓ Fixed in 8.0.122026-05-27
vulnerable: v8.0.0 ... v8.0.8 (6 versions)
Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs") ### Description `Symfony\Component\Yaml\Parser` resolves YAML aliases (`*anchor`) during parsing. Aliases that …
- CVE-2026-45305LOWCVSS 0.0EG 0.0✓ Fixed in 8.0.122026-05-27
vulnerable: v8.0.0 ... v8.0.8 (6 versions)
Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex ### Description `Symfony\Component\Yaml\Parser::cleanup()` strips the optional `%YAML` directive header, leading comments, and document start/end …
Check whether symfony/yaml is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for symfony/yaml CVEs against the assets you own.
Start Free Scan →