🛡️ Security Monitor Dashboard

Last updated: 01.06.2026 03:58:24
Critical: 25
High: 604
Moderate: 138
Low: 12
Total projects: 15

Bikeplan.cz (Symfony)

symfony
Scanned: 2026-06-01 03:58:08
8 Critical
228 High
15 Moderate
0 Low
📁 Security Files:
.docker/php/Dockerfile
.docker/nginx/Dockerfile

Golf (Symfony)

symfony
Scanned: 2026-06-01 03:58:22
8 Critical
225 High
13 Moderate
0 Low
📁 Security Files:
.docker/php/Dockerfile
.docker/nginx/Dockerfile

Hugo Scraper API (Salesforce Integration)

python
Scanned: 2026-06-01 03:56:40
4 Critical
19 High
2 Moderate
1 Low

CSAT Project (Survey Tool)

nextjs
Scanned: 2026-06-01 03:56:13
2 Critical
25 High
3 Moderate
1 Low
📁 Security Files:
Dockerfile
.gitlab-ci.yml
helm/pfp-csat-2025/values.yaml

Car KK

nextjs
Scanned: 2026-06-01 03:56:34
2 Critical
25 High
3 Moderate
1 Low
📁 Security Files:
Dockerfile
.gitlab-ci.yml
helm/pfp-car-public-react/values.yaml

FQ Majetek

nextjs
Scanned: 2026-06-01 03:56:47
1 Critical
28 High
3 Moderate
1 Low
📁 Security Files:
Dockerfile
.gitlab-ci.yml
helm/pfp-fq-property/values.yaml

CSAT pro KS

nextjs
Scanned: 2026-06-01 03:55:54
0 Critical
13 High
43 Moderate
1 Low
📁 Security Files:
Dockerfile
.gitlab-ci.yml
helm/pfp-csat-backoffice/values.yaml

Product CMS (Strapi)

strapi
Scanned: 2026-06-01 03:56:11
0 Critical
13 High
3 Moderate
1 Low
📁 Security Files:
Dockerfile
.gitlab-ci.yml
helm/product-cms/values.yaml

Aplikace výpovědi

nextjs
Scanned: 2026-06-01 03:56:23
0 Critical
13 High
3 Moderate
1 Low
📁 Security Files:
Dockerfile
.gitlab-ci.yml
helm/pfp-terminate/values.yaml

Sběr účtů pro cashback

nextjs
Scanned: 2026-06-01 03:56:20
0 Critical
12 High
41 Moderate
1 Low
📁 Security Files:
Dockerfile
.gitlab-ci.yml
helm/bank-account/values.yaml

SRO WordPress 2021-2

wordpress
Scanned: 2026-06-01 03:57:18
0 Critical
1 High
3 Moderate
1 Low

PovCom WordPress

wordpress
Scanned: 2026-06-01 03:58:07
0 Critical
1 High
3 Moderate
1 Low

SURI WordPress 2025

wordpress
Scanned: 2026-06-01 03:57:45
0 Critical
1 High
2 Moderate
1 Low

Pet KK (Mazlíčci)

nextjs
Scanned: 2026-06-01 03:56:27
0 Critical
0 High
1 Moderate
1 Low
📁 Security Files:
Dockerfile
.gitlab-ci.yml
helm/suri-pet-kk/values.yaml

Shift Manager (Callcentrum)

python
Scanned: 2026-06-01 03:56:40
0 Critical
0 High
0 Moderate
0 Low

Critical & High Vulnerabilities

Project CVE Tool Component Package Severity Description Fix
Bikeplan.cz (Symfony) CVE-2026-42496 Trivy image debian libperl5.40 critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Bikeplan.cz (Symfony) CVE-2026-8376 Trivy image debian libperl5.40 critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
Bikeplan.cz (Symfony) CVE-2026-42496 Trivy image debian perl critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Bikeplan.cz (Symfony) CVE-2026-8376 Trivy image debian perl critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
Bikeplan.cz (Symfony) CVE-2026-42496 Trivy image debian perl-base critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Bikeplan.cz (Symfony) CVE-2026-8376 Trivy image debian perl-base critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
Bikeplan.cz (Symfony) CVE-2026-42496 Trivy image debian perl-modules-5.40 critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Bikeplan.cz (Symfony) CVE-2026-8376 Trivy image debian perl-modules-5.40 critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
CSAT Project (Survey Tool) CVE-2026-31789 Trivy image alpine libcrypto3 critical openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certif... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2026-31789 Trivy image alpine libssl3 critical openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certif... 3.5.6-r0
Car KK CVE-2026-31789 Trivy image alpine libcrypto3 critical openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certif... 3.3.7-r0
Car KK CVE-2026-31789 Trivy image alpine libssl3 critical openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certif... 3.3.7-r0
FQ Majetek CVE-2025-7783 Trivy image node-pkg form-data critical form-data: Unsafe random function in form-data... 2.5.4, 3.0.4, 4.0.4
Golf (Symfony) CVE-2026-42496 Trivy image debian libperl5.40 critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Golf (Symfony) CVE-2026-8376 Trivy image debian libperl5.40 critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
Golf (Symfony) CVE-2026-42496 Trivy image debian perl critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Golf (Symfony) CVE-2026-8376 Trivy image debian perl critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
Golf (Symfony) CVE-2026-42496 Trivy image debian perl-base critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Golf (Symfony) CVE-2026-8376 Trivy image debian perl-base critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
Golf (Symfony) CVE-2026-42496 Trivy image debian perl-modules-5.40 critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Golf (Symfony) CVE-2026-8376 Trivy image debian perl-modules-5.40 critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
Hugo Scraper API (Salesforce Integration) CVE-2026-33845 Trivy image debian libgnutls30 critical gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment... 3.7.9-2+deb12u7
Hugo Scraper API (Salesforce Integration) CVE-2026-42010 Trivy image debian libgnutls30 critical gnutls: gnutls: Authentication Bypass via NUL Character in Username... 3.7.9-2+deb12u7
Hugo Scraper API (Salesforce Integration) CVE-2026-42496 Trivy image debian perl-base critical Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...... N/A
Hugo Scraper API (Salesforce Integration) CVE-2026-8376 Trivy image debian perl-base critical Perl versions through 5.43.10 have a heap buffer overflow when compili ...... N/A
Aplikace výpovědi CVE-2024-21538 Trivy image node-pkg cross-spawn high cross-spawn: regular expression denial of service... 7.0.5, 6.0.6
Aplikace výpovědi CVE-2025-64756 Trivy image node-pkg glob high glob: glob: Command Injection Vulnerability via Malicious Filenames... 11.1.0, 10.5.0
Aplikace výpovědi CVE-2026-26996 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service via specially crafted glob patterns... 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Aplikace výpovědi CVE-2026-27903 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service due to unbounded recursive backtracking ... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Aplikace výpovědi CVE-2026-27904 Trivy image node-pkg minimatch high minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob ex... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Aplikace výpovědi CVE-2026-23745 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsa... 7.5.3
Aplikace výpovědi CVE-2026-23950 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision rac... 7.5.4
Aplikace výpovědi CVE-2026-24842 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in ha... 7.5.7
Aplikace výpovědi CVE-2026-26960 Trivy image node-pkg tar high node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink cre... 7.5.8
Aplikace výpovědi CVE-2026-29786 Trivy image node-pkg tar high node-tar: hardlink path traversal via drive-relative linkpath... 7.5.10
Aplikace výpovědi CVE-2026-31802 Trivy image node-pkg tar high tar: tar: File overwrite via drive-relative symlink traversal... 7.5.11
Aplikace výpovědi DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
Aplikace výpovědi HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
Bikeplan.cz (Symfony) CVE-2015-5723 Packagist Security Advisories doctrine/annotations high Security Misconfiguration Vulnerability in various Doctrine projects... >=1.0.0,<1.2.7
Bikeplan.cz (Symfony) CVE-2015-5723 Packagist Security Advisories doctrine/common high Security Misconfiguration Vulnerability in various Doctrine projects... >=2.0.0,<2.4.3|>=2.5.0,<2.5.1
Bikeplan.cz (Symfony) CVE-2021-43608 Packagist Security Advisories doctrine/dbal high SQL Injection in Limit Clause Generation API... >=3.0.0,<3.0.99|>=3.1.0,<3.1.4
Bikeplan.cz (Symfony) CVE-2015-5723 Packagist Security Advisories doctrine/doctrine-bundle high Security Misconfiguration Vulnerability in various Doctrine projects... <1.5.2
Bikeplan.cz (Symfony) CVE-2015-5723 Packagist Security Advisories doctrine/orm high Security Misconfiguration Vulnerability in various Doctrine projects... >=2.0.0,<2.4.8|>=2.5.0,<2.5.1
Bikeplan.cz (Symfony) CVE-2025-45769 Packagist Security Advisories firebase/php-jwt high php-jwt contains weak encryption... <7.0.0
Bikeplan.cz (Symfony) CVE-2021-46743 Packagist Security Advisories firebase/php-jwt high Key/algorithm type confusion... <6.0.0
Bikeplan.cz (Symfony) CVE-2026-6409 Packagist Security Advisories google/protobuf high Protobuf: Denial of Service issue through malicious messages containing negative... <4.33.6
Bikeplan.cz (Symfony) CVE-2015-5237 Packagist Security Advisories google/protobuf high protobuf susceptible to buffer overflow... <3.4.0
Bikeplan.cz (Symfony) CVE-2022-31091 Packagist Security Advisories guzzlehttp/guzzle high Change in port should be considered a change in origin... >=7,<7.4.5|>=4,<6.5.8
Bikeplan.cz (Symfony) CVE-2022-31090 Packagist Security Advisories guzzlehttp/guzzle high CURLOPT_HTTPAUTH option not cleared on change of origin... >=7,<7.4.5|>=4,<6.5.8
Bikeplan.cz (Symfony) CVE-2022-31043 Packagist Security Advisories guzzlehttp/guzzle high Fix failure to strip Authorization header on HTTP downgrade... >=7,<7.4.4|>=4,<6.5.7
Bikeplan.cz (Symfony) CVE-2022-31042 Packagist Security Advisories guzzlehttp/guzzle high Failure to strip the Cookie header on change in host or HTTP downgrade... >=7,<7.4.4|>=4,<6.5.7
Bikeplan.cz (Symfony) CVE-2022-29248 Packagist Security Advisories guzzlehttp/guzzle high Cross-domain cookie leakage... >=7,<7.4.3|>=4,<6.5.6
Bikeplan.cz (Symfony) CVE-2016-5385 Packagist Security Advisories guzzlehttp/guzzle high HTTP Proxy header vulnerability... >=6,<6.2.1|>=4.0.0-rc2,<4.2.4|>=5,<5.3.1
Bikeplan.cz (Symfony) CVE-2023-29197 Packagist Security Advisories guzzlehttp/psr7 high Improper header validation... >=2,<2.4.5|<1.9.1
Bikeplan.cz (Symfony) CVE-2022-24775 Packagist Security Advisories guzzlehttp/psr7 high Inproper parsing of HTTP headers... >=2,<2.1.1|<1.8.4
Bikeplan.cz (Symfony) CVE-2026-46643 Packagist Security Advisories knplabs/knp-snappy high Snappy: Binary path is never shell-escaped due to an inverted is_executable chec... <=1.7.0
Bikeplan.cz (Symfony) CVE-2026-46683 Packagist Security Advisories knplabs/knp-snappy high Snappy : SSRF and local file read via the xsl-style-sheet option... <=1.6.0
Bikeplan.cz (Symfony) CVE-2023-41330 Packagist Security Advisories knplabs/knp-snappy high Snappy PHAR deserialization vulnerability... <=1.4.2
Bikeplan.cz (Symfony) CVE-2023-28115 Packagist Security Advisories knplabs/knp-snappy high PHAR deserialization allowing remote code execution... <1.4.2
Bikeplan.cz (Symfony) CVE-2021-32708 Packagist Security Advisories league/flysystem high TOCTOU Race Condition enabling remote code execution... <1.1.4|>=2.0.0,<2.1.1
Bikeplan.cz (Symfony) CVE-2026-40902 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Di... <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0
Bikeplan.cz (Symfony) CVE-2026-40863 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetM... <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0
Bikeplan.cz (Symfony) CVE-2026-34084 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled... <=1.30.2|>=2.0.0,<=2.1.14|>=2.2.0,<=2.4.3|>=3.3.0,<=3.10.3|>=4.0.0,<=5.5.0
Bikeplan.cz (Symfony) CVE-2026-40296 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses h... <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0
Bikeplan.cz (Symfony) CVE-2026-35453 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer... <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0
Bikeplan.cz (Symfony) CVE-2025-54370 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML d... <1.30.0|>=2.0.0,<2.1.0|>=2.1.0,<2.1.12|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=3.0.0,<3.10.0|>=4.0.0,<5.0.0
Bikeplan.cz (Symfony) CVE-2025-23210 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol a... >=2.0.0,<2.1.8|>=2.2.0,<2.3.7|<1.29.9|>=3.0.0,<3.9.0
Bikeplan.cz (Symfony) CVE-2025-22131 Packagist Security Advisories phpoffice/phpspreadsheet high Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in Php... >=2.2.0,<2.3.6|>=2.0.0,<2.1.7|<1.29.8|>=3.0.0,<3.8.0
Bikeplan.cz (Symfony) CVE-2024-56412 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and spe... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Bikeplan.cz (Symfony) CVE-2024-56411 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink b... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Bikeplan.cz (Symfony) CVE-2024-56410 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properti... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Bikeplan.cz (Symfony) CVE-2024-56409 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Bikeplan.cz (Symfony) CVE-2024-56366 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Bikeplan.cz (Symfony) CVE-2024-56365 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downl... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Bikeplan.cz (Symfony) CVE-2024-56408 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Bikeplan.cz (Symfony) CVE-2024-48917 Packagist Security Advisories phpoffice/phpspreadsheet high XXE in PHPSpreadsheet's XLSX reader... >=3.3.0,<3.4.0|>=2.2.0,<2.3.2|>=2.0.0,<2.1.3|<1.29.4
Bikeplan.cz (Symfony) CVE-2024-47873 Packagist Security Advisories phpoffice/phpspreadsheet high XmlScanner bypass leads to XXE... >=3.3.0,<3.4.0|>=2.2.0,<2.3.2|>=2.0.0,<2.1.3|<1.29.4
Bikeplan.cz (Symfony) CVE-2024-45293 Packagist Security Advisories phpoffice/phpspreadsheet high XXE in PHPSpreadsheet's XLSX reader... >=2.0.0,<2.1.1|<1.29.1|>=2.2.0,<2.3.0
Bikeplan.cz (Symfony) CVE-2024-45292 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript ... >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0
Bikeplan.cz (Symfony) CVE-2024-45291 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in... >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0
Bikeplan.cz (Symfony) CVE-2024-45290 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery wh... >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0
Bikeplan.cz (Symfony) CVE-2024-45060 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file... >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0
Bikeplan.cz (Symfony) CVE-2024-45048 Packagist Security Advisories phpoffice/phpspreadsheet high XXE in PHPSpreadsheet encoding is returned... >=2.0.0,<2.1.1|>=2.2.0,<2.2.1|<1.29.1
Bikeplan.cz (Symfony) CVE-2024-45046 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style infor... <1.29.1|>=2.0.0,<2.1.0
Bikeplan.cz (Symfony) CVE-2020-7776 Packagist Security Advisories phpoffice/phpspreadsheet high XSS Vulnerability in HTML Writer... <1.16.0
Bikeplan.cz (Symfony) CVE-2019-12331 Packagist Security Advisories phpoffice/phpspreadsheet high XXE Vulnerability... <1.8.0
Bikeplan.cz (Symfony) CVE-2018-19277 Packagist Security Advisories phpoffice/phpspreadsheet high XXE Vulnerability... <=1.5.0
Bikeplan.cz (Symfony) CVE-2026-45073 Packagist Security Advisories symfony/cache high CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2019-18889 Packagist Security Advisories symfony/cache high CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances... >=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Bikeplan.cz (Symfony) CVE-2019-10912 Packagist Security Advisories symfony/cache high CVE-2019-10912: Prevent destructors with side-effects from being unserialized... >=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Bikeplan.cz (Symfony) CVE-2019-10910 Packagist Security Advisories symfony/dependency-injection high CVE-2019-10910: Check service IDs are valid... >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Bikeplan.cz (Symfony) CVE-2020-5274 Packagist Security Advisories symfony/error-handler high CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler... >=4.4.0,<4.4.4|>=5.0.0,<5.0.4
Bikeplan.cz (Symfony) CVE-2018-19789 Packagist Security Advisories symfony/form high CVE-2018-19789: Temporary uploaded file path disclosure... >=2.7.38,<2.7.50|>=2.8.0,<2.8.49|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.20|>=4.0.0,<4.0.15|>=4.1.0,<4.1.9|>=4.2.0,<4.2.1
Bikeplan.cz (Symfony) CVE-2017-16790 Packagist Security Advisories symfony/form high CVE-2017-16790: Ensure that submitted data are uploaded files... >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13
Bikeplan.cz (Symfony) CVE-2015-8125 Packagist Security Advisories symfony/form high CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember... >=2.3.0,<2.3.35|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.12|>=2.7.0,<2.7.7
Bikeplan.cz (Symfony) CVE-2022-23601 Packagist Security Advisories symfony/framework-bundle high CVE-2022-23601: CSRF token missing in forms... >=5.3.14,<5.3.15|>=5.4.3,<5.4.4|>=6.0.3,<6.0.4
Bikeplan.cz (Symfony) CVE-2019-10909 Packagist Security Advisories symfony/framework-bundle high CVE-2019-10909: Escape validation messages in the PHP templating engine... >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Bikeplan.cz (Symfony) CVE-2014-4931 Packagist Security Advisories symfony/framework-bundle high Code injection in the way Symfony implements translation caching in FrameworkBun... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.18|>=2.4.0,<2.4.8|>=2.5.0,<2.5.2
Bikeplan.cz (Symfony) CVE-2026-48736 Packagist Security Advisories symfony/http-client high CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT6... >=5.4.0,<5.4.53
Bikeplan.cz (Symfony) CVE-2024-50342 Packagist Security Advisories symfony/http-client high CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetwor... >=4.3.0,<4.4.0|>=4.4.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8
Bikeplan.cz (Symfony) CVE-2026-48736 Packagist Security Advisories symfony/http-foundation high CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT6... >=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13
Bikeplan.cz (Symfony) CVE-2025-64500 Packagist Security Advisories symfony/http-foundation high CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.50|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.29|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.7
Bikeplan.cz (Symfony) CVE-2024-50345 Packagist Security Advisories symfony/http-foundation high CVE-2024-50345: Open redirect via browser-sanitized URLs... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Bikeplan.cz (Symfony) CVE-2020-5255 Packagist Security Advisories symfony/http-foundation high CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header... >=4.4.0,<4.4.7|>=5.0.0,<5.0.7
Bikeplan.cz (Symfony) CVE-2019-18888 Packagist Security Advisories symfony/http-foundation high CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<2.8.52|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Bikeplan.cz (Symfony) CVE-2019-10913 Packagist Security Advisories symfony/http-foundation high CVE-2019-10913: Reject invalid HTTP method overrides... >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Bikeplan.cz (Symfony) CVE-2018-14773 Packagist Security Advisories symfony/http-foundation high CVE-2018-14773: Remove support for legacy and risky HTTP headers... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.49|>=2.8.0,<2.8.44|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.18|>=3.4.0,<3.4.14|>=4.0.0,<4.0.14|>=4.1.0,<4.1.3
Bikeplan.cz (Symfony) CVE-2018-11386 Packagist Security Advisories symfony/http-foundation high CVE-2018-11386: Denial of service when using PDOSessionHandler... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Bikeplan.cz (Symfony) CVE-2015-2309 Packagist Security Advisories symfony/http-foundation high Unsafe methods in the Request class... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6
Bikeplan.cz (Symfony) CVE-2014-6061 Packagist Security Advisories symfony/http-foundation high Security issue when parsing the Authorization header... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Bikeplan.cz (Symfony) CVE-2014-5244 Packagist Security Advisories symfony/http-foundation high Denial of service with a malicious HTTP Host header... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Bikeplan.cz (Symfony) CVE-2013-4752 Packagist Security Advisories symfony/http-foundation high Request::getHost() poisoning... >=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3
Bikeplan.cz (Symfony) CVE-2012-6431 Packagist Security Advisories symfony/http-foundation high Routes behind a firewall are accessible even when not logged in... >=2.0.0,<2.0.19
Bikeplan.cz (Symfony) CVE-2026-45075 Packagist Security Advisories symfony/http-kernel high CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / ... >=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2022-24894 Packagist Security Advisories symfony/http-kernel high CVE-2022-24894: Prevent storing cookie headers in HttpCache... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2.0,<6.2.6
Bikeplan.cz (Symfony) CVE-2021-41267 Packagist Security Advisories symfony/http-kernel high CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request... >=5.2.0,<5.3.0|>=5.3.0,<5.3.12
Bikeplan.cz (Symfony) CVE-2020-15094 Packagist Security Advisories symfony/http-kernel high CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient... >=4.3.0,<4.4.0|>=4.4.0,<4.4.13|>=5.0.0,<5.1.0|>=5.1.0,<5.1.5
Bikeplan.cz (Symfony) CVE-2019-18887 Packagist Security Advisories symfony/http-kernel high CVE-2019-18887: Use constant time comparison in UriSigner... >=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<2.8.52|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Bikeplan.cz (Symfony) CVE-2015-4050 Packagist Security Advisories symfony/http-kernel high CVE-2015-4050: ESI unauthorized access... >=2.3.19,<2.3.29|>=2.4.9,<2.5.0|>=2.5.4,<2.5.12|>=2.6.0,<2.6.8
Bikeplan.cz (Symfony) CVE-2015-2308 Packagist Security Advisories symfony/http-kernel high Esi Code Injection... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6
Bikeplan.cz (Symfony) CVE-2014-5245 Packagist Security Advisories symfony/http-kernel high Direct access of ESI URLs behind a trusted proxy... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Bikeplan.cz (Symfony) CVE-2017-16654 Packagist Security Advisories symfony/intl high CVE-2017-16654: Intl bundle readers breaking out of paths... >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13
Bikeplan.cz (Symfony) CVE-2026-45068 Packagist Security Advisories symfony/mailer high CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipi... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2026-45070 Packagist Security Advisories symfony/mime high CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Paramete... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2026-45067 Packagist Security Advisories symfony/mime high CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Compon... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2019-18888 Packagist Security Advisories symfony/mime high CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser... >=4.3.0,<4.3.8
Bikeplan.cz (Symfony) CVE-2026-45077 Packagist Security Advisories symfony/monolog-bridge high CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge serv... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2026-46644 Packagist Security Advisories symfony/polyfill-intl-idn high CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode pay... >=1.17.1,<1.38.1
Bikeplan.cz (Symfony) CVE-2026-24739 Packagist Security Advisories symfony/process high Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructi... >=8.0,<8.0.5|>=7.4,<7.4.5|>=7.3,<7.3.11|>=6.4,<6.4.33|<5.4.51
Bikeplan.cz (Symfony) CVE-2024-51736 Packagist Security Advisories symfony/process high CVE-2024-51736: Command execution hijack on Windows with Process class... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Bikeplan.cz (Symfony) CVE-2026-48784 Packagist Security Advisories symfony/routing high CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.53|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13
Bikeplan.cz (Symfony) CVE-2026-45065 Packagist Security Advisories symfony/routing high CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alter... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2012-6431 Packagist Security Advisories symfony/routing high Routes behind a firewall are accessible even when not logged in... >=2.0.0,<2.0.19
Bikeplan.cz (Symfony) CVE-2024-50341 Packagist Security Advisories symfony/security-bundle high CVE-2024-50341: Security::login does not take into account custom user_checker... >=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.10|>=7.0.0,<7.0.10|>=7.1.0,<7.1.3
Bikeplan.cz (Symfony) CVE-2022-24895 Packagist Security Advisories symfony/security-bundle high CVE-2022-24895: Possible CSRF token fixation... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2.0,<6.2.6
Bikeplan.cz (Symfony) CVE-2021-41268 Packagist Security Advisories symfony/security-bundle high CVE-2021-41268: Remember me cookie persistance after password changes... >=5.3.0,<5.3.12
Bikeplan.cz (Symfony) CVE-2018-11406 Packagist Security Advisories symfony/security-bundle high CVE-2018-11406: CSRF Token Fixation... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Bikeplan.cz (Symfony) CVE-2018-11408 Packagist Security Advisories symfony/security-bundle high CVE-2018-11408: Open redirect vulnerability on security handlers... >=2.7.38,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Bikeplan.cz (Symfony) CVE-2021-21424 Packagist Security Advisories symfony/security-core high CVE-2021-21424: Prevent user enumeration via response content in authentication ... >=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.49|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.24|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.9
Bikeplan.cz (Symfony) CVE-2018-11407 Packagist Security Advisories symfony/security-core high CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an... >=2.8.0,<2.8.37|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.7|>=4.0.0,<4.0.7
Bikeplan.cz (Symfony) CVE-2017-11365 Packagist Security Advisories symfony/security-core high CVE-2017-11365: Empty passwords validation issue... >=2.7.30,<2.7.32|>=2.8.23,<2.8.25|>=3.2.10,<3.2.12|>=3.3.3,<3.3.5
Bikeplan.cz (Symfony) CVE-2016-2403 Packagist Security Advisories symfony/security-core high CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an ... >=2.8.0,<2.8.6|>=3.0.0,<3.0.6
Bikeplan.cz (Symfony) CVE-2016-1902 Packagist Security Advisories symfony/security-core high CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails ... >=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.13|>=2.7.0,<2.7.9
Bikeplan.cz (Symfony) CVE-2018-11406 Packagist Security Advisories symfony/security-csrf high CVE-2018-11406: CSRF Token Fixation... >=2.4.0,<2.7.48|>=2.5.0,<2.7.48|>=2.6.0,<2.7.48|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Bikeplan.cz (Symfony) CVE-2017-16653 Packagist Security Advisories symfony/security-csrf high CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS... >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13
Bikeplan.cz (Symfony) CVE-2026-48489 Packagist Security Advisories symfony/security-http high CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthe... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.53|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13
Bikeplan.cz (Symfony) CVE-2026-45069 Packagist Security Advisories symfony/security-http high CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims... >=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2026-45063 Packagist Security Advisories symfony/security-http high CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2026-45074 Packagist Security Advisories symfony/security-http high CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cr... >=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2026-45075 Packagist Security Advisories symfony/security-http high CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / ... >=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2024-51996 Packagist Security Advisories symfony/security-http high CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie... >=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8
Bikeplan.cz (Symfony) CVE-2023-46733 Packagist Security Advisories symfony/security-http high CVE-2023-46733: Possible session fixation... >=5.4.0,<5.4.31|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.3.8
Bikeplan.cz (Symfony) CVE-2021-32693 Packagist Security Advisories symfony/security-http high CVE-2021-32693: Authentication granted to all firewalls instead of just one... >=5.3.0,<5.3.2
Bikeplan.cz (Symfony) CVE-2021-21424 Packagist Security Advisories symfony/security-http high CVE-2021-21424: Prevent user enumeration via response content in authentication ... >=5.1.0,<5.2.0|>=5.2.0,<5.2.8
Bikeplan.cz (Symfony) CVE-2020-5275 Packagist Security Advisories symfony/security-http high CVE-2020-5275: All rules set in "access_control" are required when the firewall ... >=4.4.0,<4.4.7|>=5.0.0,<5.0.7
Bikeplan.cz (Symfony) CVE-2019-18886 Packagist Security Advisories symfony/security-http high CVE-2019-18886: Prevent user enumeration using switch user functionality... >=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Bikeplan.cz (Symfony) CVE-2019-10911 Packagist Security Advisories symfony/security-http high CVE-2019-10911: Add a separator in the remember me cookie hash... >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Bikeplan.cz (Symfony) CVE-2018-19790 Packagist Security Advisories symfony/security-http high CVE-2018-19790: Open Redirect Vulnerability on login... >=2.7.38,<2.7.50|>=2.8.0,<2.8.49|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.20|>=4.0.0,<4.0.15|>=4.1.0,<4.1.9|>=4.2.0,<4.2.1
Bikeplan.cz (Symfony) CVE-2018-11406 Packagist Security Advisories symfony/security-http high CVE-2018-11406: CSRF Token Fixation... >=2.4.0,<2.7.48|>=2.5.0,<2.7.48|>=2.6.0,<2.7.48|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Bikeplan.cz (Symfony) CVE-2018-11385 Packagist Security Advisories symfony/security-http high CVE-2018-11385: Session Fixation Issue for Guard Authentication... >=2.4.0,<2.7.48|>=2.5.0,<2.7.48|>=2.6.0,<2.7.48|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Bikeplan.cz (Symfony) CVE-2017-16652 Packagist Security Advisories symfony/security-http high CVE-2017-16652: Open redirect vulnerability on security handlers... >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13
Bikeplan.cz (Symfony) CVE-2016-4423 Packagist Security Advisories symfony/security-http high CVE-2016-4423: Large username storage in session... >=2.3.0,<2.3.41|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.13|>=2.8.0,<2.8.6|>=3.0.0,<3.0.6
Bikeplan.cz (Symfony) CVE-2015-8124 Packagist Security Advisories symfony/security-http high CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature... >=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.12|>=2.7.0,<2.7.7
Bikeplan.cz (Symfony) CVE-2015-8125 Packagist Security Advisories symfony/security-http high CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember... >=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.12|>=2.7.0,<2.7.7
Bikeplan.cz (Symfony) CVE-2021-41270 Packagist Security Advisories symfony/serializer high CVE-2021-41270: Prevent CSV Injection via formulas... >=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.35|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.3.12
Bikeplan.cz (Symfony) CVE-2026-45072 Packagist Security Advisories symfony/twig-bridge high CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescape... >=6.4.24,<6.4.40
Bikeplan.cz (Symfony) CVE-2023-46734 Packagist Security Advisories symfony/twig-bridge high CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.51|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.31|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.3.8
Bikeplan.cz (Symfony) CVE-2024-50343 Packagist Security Advisories symfony/validator high CVE-2024-50343: Incorrect response from Validator when input ends with ` `... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.43|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.11|>=7.0.0,<7.1.0|>=7.1.0,<7.1.4
Bikeplan.cz (Symfony) CVE-2013-4751 Packagist Security Advisories symfony/validator high Validation metadata serialization and loss of information... >=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3
Bikeplan.cz (Symfony) CVE-2019-11325 Packagist Security Advisories symfony/var-exporter high CVE-2019-11325: Fix escaping of strings in VarExporter... >=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Bikeplan.cz (Symfony) CVE-2026-45304 Packagist Security Advisories symfony/yaml high CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collecti... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2026-45305 Packagist Security Advisories symfony/yaml high CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::clean... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2026-45133 Packagist Security Advisories symfony/yaml high CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested B... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2013-1397 Packagist Security Advisories symfony/yaml high Ability to enable/disable object support in YAML parsing and dumping... >=2.0.0,<2.0.22|>=2.1.0,<2.1.7
Bikeplan.cz (Symfony) CVE-2013-1348 Packagist Security Advisories symfony/yaml high Ability to enable/disable PHP parsing in Yaml::parse()... >=2.0.0,<2.0.22
Bikeplan.cz (Symfony) CVE-2026-48808 Packagist Security Advisories twig/twig high Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInt... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Bikeplan.cz (Symfony) CVE-2026-48805 Packagist Security Advisories twig/twig high Sandbox state regression in deprecated internal wrappers in `src/Resources/core.... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Bikeplan.cz (Symfony) CVE-2026-46636 Packagist Security Advisories twig/twig high Sandbox filter, tag and function allow-list bypass when sandbox state changes be... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Bikeplan.cz (Symfony) CVE-2026-48806 Packagist Security Advisories twig/twig high Sandbox `__toString()` policy bypass via dynamic mapping keys... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Bikeplan.cz (Symfony) CVE-2026-48807 Packagist Security Advisories twig/twig high Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Bikeplan.cz (Symfony) CVE-2026-46640 Packagist Security Advisories twig/twig high Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation... >=3.15.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-46628 Packagist Security Advisories twig/twig high The `spaceless` filter implicitly marks its output as safe... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-46633 Packagist Security Advisories twig/twig high PHP code injection via `{% use %}` template name... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-47730 Packagist Security Advisories twig/twig high XSS in profiler HtmlDumper via unescaped template and profile names... >=3.0.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-46639 Packagist Security Advisories twig/twig high Sandbox property and method bypass via object-destructuring assignment... >=3.24.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-46627 Packagist Security Advisories twig/twig high Sandbox does not protect against resource exhaustion... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-46635 Packagist Security Advisories twig/twig high Sandbox property allowlist bypass via the `column` filter (array_column on objec... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-46638 Packagist Security Advisories twig/twig high `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomple... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-24425 Packagist Security Advisories twig/twig high Possible sandbox bypass when using a source policy... >=2.16.0,<3.0.0|>=3.9.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-47732 Packagist Security Advisories twig/twig high Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion p... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2026-46634 Packagist Security Advisories twig/twig high `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized t... >=3.9.0,<3.26.0
Bikeplan.cz (Symfony) CVE-2025-24374 Packagist Security Advisories twig/twig high Missing output escaping for the null coalesce operator... >=3.16.0,<3.19.0
Bikeplan.cz (Symfony) CVE-2024-51754 Packagist Security Advisories twig/twig high Unguarded calls to __toString() when nesting an object into an array... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1
Bikeplan.cz (Symfony) CVE-2024-51755 Packagist Security Advisories twig/twig high Unguarded calls to __isset() and to array-accesses when the sandbox is enabled... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1
Bikeplan.cz (Symfony) CVE-2024-45411 Packagist Security Advisories twig/twig high Possible sandbox bypass... >=1.0.0,<1.44.7|>=2.0.0,<2.16.0|>=3.0.0,<3.11.0|>=3.12.0,<3.14.0
Bikeplan.cz (Symfony) CVE-2022-39261 Packagist Security Advisories twig/twig high Possibility to load a template outside a configured directory when using the fil... >=1.0.0,<1.44.7|>=2.0.0,<2.15.3|>=3.0.0,<3.4.3
Bikeplan.cz (Symfony) CVE-2022-23614 Packagist Security Advisories twig/twig high Disallow non closures in the sort filter... >=2.0.0,<2.14.11|>=3.0.0,<3.3.8
Bikeplan.cz (Symfony) CVE-2019-9942 Packagist Security Advisories twig/twig high Sandbox Information Disclosure... <1.38.0|>=2.0.0,<2.7.0
Bikeplan.cz (Symfony) CVE-2015-7809 Packagist Security Advisories twig/twig high Remote code execution in templates... <1.20.0
Bikeplan.cz (Symfony) CVE-2026-45071 Packagist Security Advisories symfony/dom-crawler high CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via v... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2021-21424 Packagist Security Advisories symfony/maker-bundle high CVE-2021-21424: Prevent user enumeration via response content in authentication ... >=1.27.0,<1.28.0|>=1.28.0,<1.29.0|>=1.29.0,<1.29.2|>=1.30.0,<1.31.0|>=1.31.0,<1.31.1
Bikeplan.cz (Symfony) CVE-2019-10912 Packagist Security Advisories symfony/phpunit-bridge high CVE-2019-10912: Prevent destructors with side-effects from being unserialized... >=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Bikeplan.cz (Symfony) CVE-2026-45072 Packagist Security Advisories symfony/web-profiler-bundle high CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescape... >=7.2.9,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Bikeplan.cz (Symfony) CVE-2014-6072 Packagist Security Advisories symfony/web-profiler-bundle high CSRF vulnerability in the Web Profiler... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Bikeplan.cz (Symfony) CVE-2026-5773 Trivy image debian curl high curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse... N/A
Bikeplan.cz (Symfony) CVE-2026-6276 Trivy image debian curl high curl: libcurl: Information disclosure due to cookie leak when reusing connection... N/A
Bikeplan.cz (Symfony) CVE-2026-5773 Trivy image debian libcurl4t64 high curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse... N/A
Bikeplan.cz (Symfony) CVE-2026-6276 Trivy image debian libcurl4t64 high curl: libcurl: Information disclosure due to cookie leak when reusing connection... N/A
Bikeplan.cz (Symfony) CVE-2026-40356 Trivy image debian libgssapi-krb5-2 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.21.3-5+deb13u1
Bikeplan.cz (Symfony) CVE-2026-40356 Trivy image debian libk5crypto3 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.21.3-5+deb13u1
Bikeplan.cz (Symfony) CVE-2026-40356 Trivy image debian libkrb5-3 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.21.3-5+deb13u1
Bikeplan.cz (Symfony) CVE-2026-40356 Trivy image debian libkrb5support0 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.21.3-5+deb13u1
Bikeplan.cz (Symfony) CVE-2026-42497 Trivy image debian libperl5.40 high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Bikeplan.cz (Symfony) CVE-2026-48962 Trivy image debian libperl5.40 high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Bikeplan.cz (Symfony) CVE-2026-9538 Trivy image debian libperl5.40 high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Bikeplan.cz (Symfony) CVE-2026-7598 Trivy image debian libssh2-1t64 high libssh2: integer overflow via large username or password arguments... N/A
Bikeplan.cz (Symfony) CVE-2025-69720 Trivy image debian libtinfo6 high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Bikeplan.cz (Symfony) CVE-2026-6732 Trivy image debian libxml2 high libxml2: libxml2: Denial of Service via crafted XSD-validated document... N/A
Bikeplan.cz (Symfony) CVE-2013-7445 Trivy image debian linux-libc-dev high kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects... N/A
Bikeplan.cz (Symfony) CVE-2019-19449 Trivy image debian linux-libc-dev high kernel: mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds ... N/A
Bikeplan.cz (Symfony) CVE-2019-19814 Trivy image debian linux-libc-dev high kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c... N/A
Bikeplan.cz (Symfony) CVE-2021-3847 Trivy image debian linux-libc-dev high kernel: low-privileged user privileges escalation... N/A
Bikeplan.cz (Symfony) CVE-2021-3864 Trivy image debian linux-libc-dev high kernel: descendant's dumpable setting with certain SUID binaries... N/A
Bikeplan.cz (Symfony) CVE-2024-21803 Trivy image debian linux-libc-dev high kernel: bluetooth: use-after-free vulnerability in af_bluetooth.c... N/A
Bikeplan.cz (Symfony) CVE-2024-58015 Trivy image debian linux-libc-dev high kernel: wifi: ath12k: Fix for out-of bound access error... N/A
Bikeplan.cz (Symfony) CVE-2024-58093 Trivy image debian linux-libc-dev high kernel: Linux kernel: PCI/ASPM use-after-free during hot-unplug... N/A
Bikeplan.cz (Symfony) CVE-2025-22104 Trivy image debian linux-libc-dev high kernel: ibmvnic: Use kernel helpers for hex dumps... N/A
Bikeplan.cz (Symfony) CVE-2025-38137 Trivy image debian linux-libc-dev high kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering... N/A
Bikeplan.cz (Symfony) CVE-2025-38187 Trivy image debian linux-libc-dev high kernel: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()... N/A
Bikeplan.cz (Symfony) CVE-2025-38204 Trivy image debian linux-libc-dev high kernel: jfs: fix array-index-out-of-bounds read in add_missing_indices... N/A
Bikeplan.cz (Symfony) CVE-2025-38206 Trivy image debian linux-libc-dev high kernel: Kernel: Double free vulnerability in exFAT filesystem can lead to denial... N/A
Bikeplan.cz (Symfony) CVE-2025-38421 Trivy image debian linux-libc-dev high kernel: platform/x86/amd: pmf: Use device managed allocations... N/A
Bikeplan.cz (Symfony) CVE-2025-38636 Trivy image debian linux-libc-dev high kernel: rv: Use strings in da monitors tracepoints... N/A
Bikeplan.cz (Symfony) CVE-2025-39859 Trivy image debian linux-libc-dev high kernel: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog... N/A
Bikeplan.cz (Symfony) CVE-2025-39862 Trivy image debian linux-libc-dev high kernel: wifi: mt76: mt7915: fix list corruption after hardware restart... N/A
Bikeplan.cz (Symfony) CVE-2025-39958 Trivy image debian linux-libc-dev high kernel: iommu/s390: Make attach succeed when the device was surprise removed... N/A
Bikeplan.cz (Symfony) CVE-2026-23102 Trivy image debian linux-libc-dev high kernel: Linux kernel: Denial of Service due to incorrect SVE context restoration... N/A
Bikeplan.cz (Symfony) CVE-2026-23171 Trivy image debian linux-libc-dev high kernel: Linux kernel: Use-after-free in bonding module can cause system crash or... 6.12.90-1
Bikeplan.cz (Symfony) CVE-2026-23208 Trivy image debian linux-libc-dev high kernel: ALSA: usb-audio: Prevent excessive number of frames... N/A
Bikeplan.cz (Symfony) CVE-2026-23327 Trivy image debian linux-libc-dev high kernel: cxl/mbox: validate payload size before accessing contents in cxl_payload... N/A
Bikeplan.cz (Symfony) CVE-2026-31493 Trivy image debian linux-libc-dev high kernel: RDMA/efa: Fix use of completion ctx after free... N/A
Bikeplan.cz (Symfony) CVE-2026-31568 Trivy image debian linux-libc-dev high kernel: s390/mm: Add missing secure storage access fixups for donated memory... N/A
Bikeplan.cz (Symfony) CVE-2026-31663 Trivy image debian linux-libc-dev high kernel: xfrm: hold dev ref until after transport_finish NF_HOOK... N/A
Bikeplan.cz (Symfony) CVE-2026-31688 Trivy image debian linux-libc-dev high kernel: driver core: enforce device_lock for driver_match_device()... N/A
Bikeplan.cz (Symfony) CVE-2026-43198 Trivy image debian linux-libc-dev high kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()... N/A
Bikeplan.cz (Symfony) CVE-2026-43494 Trivy image debian linux-libc-dev high kernel: net/rds: reset op_nents when zerocopy page pin fails... 6.12.90-2
Bikeplan.cz (Symfony) CVE-2026-43503 Trivy image debian linux-libc-dev high kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers... 6.12.90-1
Bikeplan.cz (Symfony) CVE-2026-45932 Trivy image debian linux-libc-dev high kernel: bpf: Fix tcx/netkit detach permissions when prog fd isn't given... N/A
Bikeplan.cz (Symfony) CVE-2026-46054 Trivy image debian linux-libc-dev high kernel: selinux: fix overlayfs mmap() and mprotect() access checks... N/A
Bikeplan.cz (Symfony) CVE-2026-46117 Trivy image debian linux-libc-dev high kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()... N/A
Bikeplan.cz (Symfony) CVE-2026-46181 Trivy image debian linux-libc-dev high kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()... N/A
Bikeplan.cz (Symfony) CVE-2026-46209 Trivy image debian linux-libc-dev high kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init... 6.12.90-1
Bikeplan.cz (Symfony) CVE-2026-46227 Trivy image debian linux-libc-dev high kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDAL... 6.12.90-1
Bikeplan.cz (Symfony) CVE-2026-46300 Trivy image debian linux-libc-dev high kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM lea... 6.12.90-1
Bikeplan.cz (Symfony) CVE-2025-69720 Trivy image debian ncurses-base high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Bikeplan.cz (Symfony) CVE-2025-69720 Trivy image debian ncurses-bin high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Bikeplan.cz (Symfony) CVE-2026-42497 Trivy image debian perl high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Bikeplan.cz (Symfony) CVE-2026-48962 Trivy image debian perl high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Bikeplan.cz (Symfony) CVE-2026-9538 Trivy image debian perl high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Bikeplan.cz (Symfony) CVE-2026-42497 Trivy image debian perl-base high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Bikeplan.cz (Symfony) CVE-2026-48962 Trivy image debian perl-base high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Bikeplan.cz (Symfony) CVE-2026-9538 Trivy image debian perl-base high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Bikeplan.cz (Symfony) CVE-2026-42497 Trivy image debian perl-modules-5.40 high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Bikeplan.cz (Symfony) CVE-2026-48962 Trivy image debian perl-modules-5.40 high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Bikeplan.cz (Symfony) CVE-2026-9538 Trivy image debian perl-modules-5.40 high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Bikeplan.cz (Symfony) DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
CSAT Project (Survey Tool) CVE-2025-69421 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing... 3.5.5-r0
CSAT Project (Survey Tool) CVE-2026-28387 Trivy image alpine libcrypto3 high openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA au... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2026-28388 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2026-28389 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service vulnerability in CMS processing... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2026-28390 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS Envel... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2025-69421 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing... 3.5.5-r0
CSAT Project (Survey Tool) CVE-2026-28387 Trivy image alpine libssl3 high openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA au... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2026-28388 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2026-28389 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service vulnerability in CMS processing... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2026-28390 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS Envel... 3.5.6-r0
CSAT Project (Survey Tool) CVE-2026-40200 Trivy image alpine musl high musl: musl libc: Arbitrary code execution and denial of service via stack-based ... 1.2.5-r12
CSAT Project (Survey Tool) CVE-2026-40200 Trivy image alpine musl-utils high musl: musl libc: Arbitrary code execution and denial of service via stack-based ... 1.2.5-r12
CSAT Project (Survey Tool) CVE-2024-21538 Trivy image node-pkg cross-spawn high cross-spawn: regular expression denial of service... 7.0.5, 6.0.6
CSAT Project (Survey Tool) CVE-2025-64756 Trivy image node-pkg glob high glob: glob: Command Injection Vulnerability via Malicious Filenames... 11.1.0, 10.5.0
CSAT Project (Survey Tool) CVE-2026-26996 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service via specially crafted glob patterns... 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
CSAT Project (Survey Tool) CVE-2026-27903 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service due to unbounded recursive backtracking ... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
CSAT Project (Survey Tool) CVE-2026-27904 Trivy image node-pkg minimatch high minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob ex... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
CSAT Project (Survey Tool) CVE-2026-23745 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsa... 7.5.3
CSAT Project (Survey Tool) CVE-2026-23950 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision rac... 7.5.4
CSAT Project (Survey Tool) CVE-2026-24842 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in ha... 7.5.7
CSAT Project (Survey Tool) CVE-2026-26960 Trivy image node-pkg tar high node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink cre... 7.5.8
CSAT Project (Survey Tool) CVE-2026-29786 Trivy image node-pkg tar high node-tar: hardlink path traversal via drive-relative linkpath... 7.5.10
CSAT Project (Survey Tool) CVE-2026-31802 Trivy image node-pkg tar high tar: tar: File overwrite via drive-relative symlink traversal... 7.5.11
CSAT Project (Survey Tool) DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
CSAT Project (Survey Tool) HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
CSAT pro KS CVE-2024-21538 Trivy image node-pkg cross-spawn high cross-spawn: regular expression denial of service... 7.0.5, 6.0.6
CSAT pro KS CVE-2025-64756 Trivy image node-pkg glob high glob: glob: Command Injection Vulnerability via Malicious Filenames... 11.1.0, 10.5.0
CSAT pro KS CVE-2026-26996 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service via specially crafted glob patterns... 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
CSAT pro KS CVE-2026-27903 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service due to unbounded recursive backtracking ... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
CSAT pro KS CVE-2026-27904 Trivy image node-pkg minimatch high minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob ex... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
CSAT pro KS CVE-2026-23745 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsa... 7.5.3
CSAT pro KS CVE-2026-23950 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision rac... 7.5.4
CSAT pro KS CVE-2026-24842 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in ha... 7.5.7
CSAT pro KS CVE-2026-26960 Trivy image node-pkg tar high node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink cre... 7.5.8
CSAT pro KS CVE-2026-29786 Trivy image node-pkg tar high node-tar: hardlink path traversal via drive-relative linkpath... 7.5.10
CSAT pro KS CVE-2026-31802 Trivy image node-pkg tar high tar: tar: File overwrite via drive-relative symlink traversal... 7.5.11
CSAT pro KS DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
CSAT pro KS HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
Car KK CVE-2025-69421 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing... 3.3.6-r0
Car KK CVE-2026-28387 Trivy image alpine libcrypto3 high openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA au... 3.3.7-r0
Car KK CVE-2026-28388 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL... 3.3.7-r0
Car KK CVE-2026-28389 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service vulnerability in CMS processing... 3.3.7-r0
Car KK CVE-2026-28390 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS Envel... 3.3.7-r0
Car KK CVE-2025-69421 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing... 3.3.6-r0
Car KK CVE-2026-28387 Trivy image alpine libssl3 high openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA au... 3.3.7-r0
Car KK CVE-2026-28388 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL... 3.3.7-r0
Car KK CVE-2026-28389 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service vulnerability in CMS processing... 3.3.7-r0
Car KK CVE-2026-28390 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS Envel... 3.3.7-r0
Car KK CVE-2026-40200 Trivy image alpine musl high musl: musl libc: Arbitrary code execution and denial of service via stack-based ... 1.2.5-r11
Car KK CVE-2026-40200 Trivy image alpine musl-utils high musl: musl libc: Arbitrary code execution and denial of service via stack-based ... 1.2.5-r11
Car KK CVE-2024-21538 Trivy image node-pkg cross-spawn high cross-spawn: regular expression denial of service... 7.0.5, 6.0.6
Car KK CVE-2025-64756 Trivy image node-pkg glob high glob: glob: Command Injection Vulnerability via Malicious Filenames... 11.1.0, 10.5.0
Car KK CVE-2026-26996 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service via specially crafted glob patterns... 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Car KK CVE-2026-27903 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service due to unbounded recursive backtracking ... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Car KK CVE-2026-27904 Trivy image node-pkg minimatch high minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob ex... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Car KK CVE-2026-23745 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsa... 7.5.3
Car KK CVE-2026-23950 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision rac... 7.5.4
Car KK CVE-2026-24842 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in ha... 7.5.7
Car KK CVE-2026-26960 Trivy image node-pkg tar high node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink cre... 7.5.8
Car KK CVE-2026-29786 Trivy image node-pkg tar high node-tar: hardlink path traversal via drive-relative linkpath... 7.5.10
Car KK CVE-2026-31802 Trivy image node-pkg tar high tar: tar: File overwrite via drive-relative symlink traversal... 7.5.11
Car KK DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
Car KK HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
FQ Majetek CVE-2023-5363 Trivy image alpine libcrypto3 high openssl: Incorrect cipher key and IV length processing... 3.0.12-r0
FQ Majetek CVE-2024-6119 Trivy image alpine libcrypto3 high openssl: Possible denial of service in X.509 name checks... 3.0.15-r0
FQ Majetek CVE-2025-69421 Trivy image alpine libcrypto3 high openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing... 3.0.19-r0
FQ Majetek CVE-2023-5363 Trivy image alpine libssl3 high openssl: Incorrect cipher key and IV length processing... 3.0.12-r0
FQ Majetek CVE-2024-6119 Trivy image alpine libssl3 high openssl: Possible denial of service in X.509 name checks... 3.0.15-r0
FQ Majetek CVE-2025-69421 Trivy image alpine libssl3 high openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing... 3.0.19-r0
FQ Majetek CVE-2025-26519 Trivy image alpine musl high musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...... 1.2.3-r6
FQ Majetek CVE-2025-26519 Trivy image alpine musl-utils high musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...... 1.2.3-r6
FQ Majetek CVE-2021-3807 Trivy image node-pkg ansi-regex high nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI es... 6.0.1, 5.0.1, 4.1.1, 3.0.1
FQ Majetek CVE-2021-3807 Trivy image node-pkg ansi-regex high nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI es... 6.0.1, 5.0.1, 4.1.1, 3.0.1
FQ Majetek CVE-2024-21538 Trivy image node-pkg cross-spawn high cross-spawn: regular expression denial of service... 7.0.5, 6.0.6
FQ Majetek CVE-2022-25881 Trivy image node-pkg http-cache-semantics high http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability... 4.1.1
FQ Majetek CVE-2024-29415 Trivy image node-pkg ip high node-ip: Incomplete fix for CVE-2023-42282... N/A
FQ Majetek CVE-2026-26996 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service via specially crafted glob patterns... 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
FQ Majetek CVE-2026-26996 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service via specially crafted glob patterns... 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
FQ Majetek CVE-2026-27903 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service due to unbounded recursive backtracking ... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
FQ Majetek CVE-2026-27903 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service due to unbounded recursive backtracking ... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
FQ Majetek CVE-2026-27904 Trivy image node-pkg minimatch high minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob ex... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
FQ Majetek CVE-2026-27904 Trivy image node-pkg minimatch high minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob ex... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
FQ Majetek CVE-2022-25883 Trivy image node-pkg semver high nodejs-semver: Regular expression denial of service... 7.5.2, 6.3.1, 5.7.2
FQ Majetek CVE-2026-23745 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsa... 7.5.3
FQ Majetek CVE-2026-23950 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision rac... 7.5.4
FQ Majetek CVE-2026-24842 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in ha... 7.5.7
FQ Majetek CVE-2026-26960 Trivy image node-pkg tar high node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink cre... 7.5.8
FQ Majetek CVE-2026-29786 Trivy image node-pkg tar high node-tar: hardlink path traversal via drive-relative linkpath... 7.5.10
FQ Majetek CVE-2026-31802 Trivy image node-pkg tar high tar: tar: File overwrite via drive-relative symlink traversal... 7.5.11
FQ Majetek DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
FQ Majetek HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
Golf (Symfony) CVE-2015-5723 Packagist Security Advisories doctrine/common high Security Misconfiguration Vulnerability in various Doctrine projects... >=2.0.0,<2.4.3|>=2.5.0,<2.5.1
Golf (Symfony) CVE-2021-43608 Packagist Security Advisories doctrine/dbal high SQL Injection in Limit Clause Generation API... >=3.0.0,<3.0.99|>=3.1.0,<3.1.4
Golf (Symfony) CVE-2015-5723 Packagist Security Advisories doctrine/doctrine-bundle high Security Misconfiguration Vulnerability in various Doctrine projects... <1.5.2
Golf (Symfony) CVE-2015-5723 Packagist Security Advisories doctrine/orm high Security Misconfiguration Vulnerability in various Doctrine projects... >=2.0.0,<2.4.8|>=2.5.0,<2.5.1
Golf (Symfony) CVE-2022-31091 Packagist Security Advisories guzzlehttp/guzzle high Change in port should be considered a change in origin... >=7,<7.4.5|>=4,<6.5.8
Golf (Symfony) CVE-2022-31090 Packagist Security Advisories guzzlehttp/guzzle high CURLOPT_HTTPAUTH option not cleared on change of origin... >=7,<7.4.5|>=4,<6.5.8
Golf (Symfony) CVE-2022-31043 Packagist Security Advisories guzzlehttp/guzzle high Fix failure to strip Authorization header on HTTP downgrade... >=7,<7.4.4|>=4,<6.5.7
Golf (Symfony) CVE-2022-31042 Packagist Security Advisories guzzlehttp/guzzle high Failure to strip the Cookie header on change in host or HTTP downgrade... >=7,<7.4.4|>=4,<6.5.7
Golf (Symfony) CVE-2022-29248 Packagist Security Advisories guzzlehttp/guzzle high Cross-domain cookie leakage... >=7,<7.4.3|>=4,<6.5.6
Golf (Symfony) CVE-2016-5385 Packagist Security Advisories guzzlehttp/guzzle high HTTP Proxy header vulnerability... >=6,<6.2.1|>=4.0.0-rc2,<4.2.4|>=5,<5.3.1
Golf (Symfony) CVE-2023-29197 Packagist Security Advisories guzzlehttp/psr7 high Improper header validation... >=2,<2.4.5|<1.9.1
Golf (Symfony) CVE-2022-24775 Packagist Security Advisories guzzlehttp/psr7 high Inproper parsing of HTTP headers... >=2,<2.1.1|<1.8.4
Golf (Symfony) CVE-2026-46643 Packagist Security Advisories knplabs/knp-snappy high Snappy: Binary path is never shell-escaped due to an inverted is_executable chec... <=1.7.0
Golf (Symfony) CVE-2026-46683 Packagist Security Advisories knplabs/knp-snappy high Snappy : SSRF and local file read via the xsl-style-sheet option... <=1.6.0
Golf (Symfony) CVE-2023-41330 Packagist Security Advisories knplabs/knp-snappy high Snappy PHAR deserialization vulnerability... <=1.4.2
Golf (Symfony) CVE-2023-28115 Packagist Security Advisories knplabs/knp-snappy high PHAR deserialization allowing remote code execution... <1.4.2
Golf (Symfony) CVE-2026-40902 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Di... <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0
Golf (Symfony) CVE-2026-40863 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetM... <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0
Golf (Symfony) CVE-2026-34084 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled... <=1.30.2|>=2.0.0,<=2.1.14|>=2.2.0,<=2.4.3|>=3.3.0,<=3.10.3|>=4.0.0,<=5.5.0
Golf (Symfony) CVE-2026-40296 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses h... <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0
Golf (Symfony) CVE-2026-35453 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer... <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0
Golf (Symfony) CVE-2025-54370 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML d... <1.30.0|>=2.0.0,<2.1.0|>=2.1.0,<2.1.12|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=3.0.0,<3.10.0|>=4.0.0,<5.0.0
Golf (Symfony) CVE-2025-23210 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol a... >=2.0.0,<2.1.8|>=2.2.0,<2.3.7|<1.29.9|>=3.0.0,<3.9.0
Golf (Symfony) CVE-2025-22131 Packagist Security Advisories phpoffice/phpspreadsheet high Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in Php... >=2.2.0,<2.3.6|>=2.0.0,<2.1.7|<1.29.8|>=3.0.0,<3.8.0
Golf (Symfony) CVE-2024-56412 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and spe... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Golf (Symfony) CVE-2024-56411 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink b... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Golf (Symfony) CVE-2024-56410 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properti... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Golf (Symfony) CVE-2024-56409 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Golf (Symfony) CVE-2024-56366 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Golf (Symfony) CVE-2024-56365 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downl... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Golf (Symfony) CVE-2024-56408 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file... >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0
Golf (Symfony) CVE-2024-48917 Packagist Security Advisories phpoffice/phpspreadsheet high XXE in PHPSpreadsheet's XLSX reader... >=3.3.0,<3.4.0|>=2.2.0,<2.3.2|>=2.0.0,<2.1.3|<1.29.4
Golf (Symfony) CVE-2024-47873 Packagist Security Advisories phpoffice/phpspreadsheet high XmlScanner bypass leads to XXE... >=3.3.0,<3.4.0|>=2.2.0,<2.3.2|>=2.0.0,<2.1.3|<1.29.4
Golf (Symfony) CVE-2024-45293 Packagist Security Advisories phpoffice/phpspreadsheet high XXE in PHPSpreadsheet's XLSX reader... >=2.0.0,<2.1.1|<1.29.1|>=2.2.0,<2.3.0
Golf (Symfony) CVE-2024-45292 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript ... >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0
Golf (Symfony) CVE-2024-45291 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in... >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0
Golf (Symfony) CVE-2024-45290 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery wh... >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0
Golf (Symfony) CVE-2024-45060 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file... >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0
Golf (Symfony) CVE-2024-45048 Packagist Security Advisories phpoffice/phpspreadsheet high XXE in PHPSpreadsheet encoding is returned... >=2.0.0,<2.1.1|>=2.2.0,<2.2.1|<1.29.1
Golf (Symfony) CVE-2024-45046 Packagist Security Advisories phpoffice/phpspreadsheet high PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style infor... <1.29.1|>=2.0.0,<2.1.0
Golf (Symfony) CVE-2020-7776 Packagist Security Advisories phpoffice/phpspreadsheet high XSS Vulnerability in HTML Writer... <1.16.0
Golf (Symfony) CVE-2019-12331 Packagist Security Advisories phpoffice/phpspreadsheet high XXE Vulnerability... <1.8.0
Golf (Symfony) CVE-2018-19277 Packagist Security Advisories phpoffice/phpspreadsheet high XXE Vulnerability... <=1.5.0
Golf (Symfony) CVE-2026-45073 Packagist Security Advisories symfony/cache high CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2019-18889 Packagist Security Advisories symfony/cache high CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances... >=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Golf (Symfony) CVE-2019-10912 Packagist Security Advisories symfony/cache high CVE-2019-10912: Prevent destructors with side-effects from being unserialized... >=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Golf (Symfony) CVE-2019-10910 Packagist Security Advisories symfony/dependency-injection high CVE-2019-10910: Check service IDs are valid... >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Golf (Symfony) CVE-2020-5274 Packagist Security Advisories symfony/error-handler high CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler... >=4.4.0,<4.4.4|>=5.0.0,<5.0.4
Golf (Symfony) CVE-2018-19789 Packagist Security Advisories symfony/form high CVE-2018-19789: Temporary uploaded file path disclosure... >=2.7.38,<2.7.50|>=2.8.0,<2.8.49|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.20|>=4.0.0,<4.0.15|>=4.1.0,<4.1.9|>=4.2.0,<4.2.1
Golf (Symfony) CVE-2017-16790 Packagist Security Advisories symfony/form high CVE-2017-16790: Ensure that submitted data are uploaded files... >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13
Golf (Symfony) CVE-2015-8125 Packagist Security Advisories symfony/form high CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember... >=2.3.0,<2.3.35|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.12|>=2.7.0,<2.7.7
Golf (Symfony) CVE-2022-23601 Packagist Security Advisories symfony/framework-bundle high CVE-2022-23601: CSRF token missing in forms... >=5.3.14,<5.3.15|>=5.4.3,<5.4.4|>=6.0.3,<6.0.4
Golf (Symfony) CVE-2019-10909 Packagist Security Advisories symfony/framework-bundle high CVE-2019-10909: Escape validation messages in the PHP templating engine... >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Golf (Symfony) CVE-2014-4931 Packagist Security Advisories symfony/framework-bundle high Code injection in the way Symfony implements translation caching in FrameworkBun... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.18|>=2.4.0,<2.4.8|>=2.5.0,<2.5.2
Golf (Symfony) CVE-2026-48736 Packagist Security Advisories symfony/http-client high CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT6... >=5.4.0,<5.4.53
Golf (Symfony) CVE-2024-50342 Packagist Security Advisories symfony/http-client high CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetwor... >=4.3.0,<4.4.0|>=4.4.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8
Golf (Symfony) CVE-2026-48736 Packagist Security Advisories symfony/http-foundation high CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT6... >=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13
Golf (Symfony) CVE-2025-64500 Packagist Security Advisories symfony/http-foundation high CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.50|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.29|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.7
Golf (Symfony) CVE-2024-50345 Packagist Security Advisories symfony/http-foundation high CVE-2024-50345: Open redirect via browser-sanitized URLs... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Golf (Symfony) CVE-2020-5255 Packagist Security Advisories symfony/http-foundation high CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header... >=4.4.0,<4.4.7|>=5.0.0,<5.0.7
Golf (Symfony) CVE-2019-18888 Packagist Security Advisories symfony/http-foundation high CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<2.8.52|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Golf (Symfony) CVE-2019-10913 Packagist Security Advisories symfony/http-foundation high CVE-2019-10913: Reject invalid HTTP method overrides... >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Golf (Symfony) CVE-2018-14773 Packagist Security Advisories symfony/http-foundation high CVE-2018-14773: Remove support for legacy and risky HTTP headers... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.49|>=2.8.0,<2.8.44|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.18|>=3.4.0,<3.4.14|>=4.0.0,<4.0.14|>=4.1.0,<4.1.3
Golf (Symfony) CVE-2018-11386 Packagist Security Advisories symfony/http-foundation high CVE-2018-11386: Denial of service when using PDOSessionHandler... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Golf (Symfony) CVE-2015-2309 Packagist Security Advisories symfony/http-foundation high Unsafe methods in the Request class... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6
Golf (Symfony) CVE-2014-6061 Packagist Security Advisories symfony/http-foundation high Security issue when parsing the Authorization header... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Golf (Symfony) CVE-2014-5244 Packagist Security Advisories symfony/http-foundation high Denial of service with a malicious HTTP Host header... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Golf (Symfony) CVE-2013-4752 Packagist Security Advisories symfony/http-foundation high Request::getHost() poisoning... >=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3
Golf (Symfony) CVE-2012-6431 Packagist Security Advisories symfony/http-foundation high Routes behind a firewall are accessible even when not logged in... >=2.0.0,<2.0.19
Golf (Symfony) CVE-2026-45075 Packagist Security Advisories symfony/http-kernel high CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / ... >=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2022-24894 Packagist Security Advisories symfony/http-kernel high CVE-2022-24894: Prevent storing cookie headers in HttpCache... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2.0,<6.2.6
Golf (Symfony) CVE-2021-41267 Packagist Security Advisories symfony/http-kernel high CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request... >=5.2.0,<5.3.0|>=5.3.0,<5.3.12
Golf (Symfony) CVE-2020-15094 Packagist Security Advisories symfony/http-kernel high CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient... >=4.3.0,<4.4.0|>=4.4.0,<4.4.13|>=5.0.0,<5.1.0|>=5.1.0,<5.1.5
Golf (Symfony) CVE-2019-18887 Packagist Security Advisories symfony/http-kernel high CVE-2019-18887: Use constant time comparison in UriSigner... >=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<2.8.52|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.35|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Golf (Symfony) CVE-2015-4050 Packagist Security Advisories symfony/http-kernel high CVE-2015-4050: ESI unauthorized access... >=2.3.19,<2.3.29|>=2.4.9,<2.5.0|>=2.5.4,<2.5.12|>=2.6.0,<2.6.8
Golf (Symfony) CVE-2015-2308 Packagist Security Advisories symfony/http-kernel high Esi Code Injection... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.27|>=2.4.0,<2.5.0|>=2.5.0,<2.5.11|>=2.6.0,<2.6.6
Golf (Symfony) CVE-2014-5245 Packagist Security Advisories symfony/http-kernel high Direct access of ESI URLs behind a trusted proxy... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Golf (Symfony) CVE-2017-16654 Packagist Security Advisories symfony/intl high CVE-2017-16654: Intl bundle readers breaking out of paths... >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13
Golf (Symfony) CVE-2026-45068 Packagist Security Advisories symfony/mailer high CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipi... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2026-45070 Packagist Security Advisories symfony/mime high CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Paramete... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2026-45067 Packagist Security Advisories symfony/mime high CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Compon... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2019-18888 Packagist Security Advisories symfony/mime high CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser... >=4.3.0,<4.3.8
Golf (Symfony) CVE-2026-45077 Packagist Security Advisories symfony/monolog-bridge high CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge serv... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2026-46644 Packagist Security Advisories symfony/polyfill-intl-idn high CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode pay... >=1.17.1,<1.38.1
Golf (Symfony) CVE-2026-24739 Packagist Security Advisories symfony/process high Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructi... >=8.0,<8.0.5|>=7.4,<7.4.5|>=7.3,<7.3.11|>=6.4,<6.4.33|<5.4.51
Golf (Symfony) CVE-2024-51736 Packagist Security Advisories symfony/process high CVE-2024-51736: Command execution hijack on Windows with Process class... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Golf (Symfony) CVE-2026-48784 Packagist Security Advisories symfony/routing high CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.53|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13
Golf (Symfony) CVE-2026-45065 Packagist Security Advisories symfony/routing high CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alter... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2012-6431 Packagist Security Advisories symfony/routing high Routes behind a firewall are accessible even when not logged in... >=2.0.0,<2.0.19
Golf (Symfony) CVE-2024-50341 Packagist Security Advisories symfony/security-bundle high CVE-2024-50341: Security::login does not take into account custom user_checker... >=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.10|>=7.0.0,<7.0.10|>=7.1.0,<7.1.3
Golf (Symfony) CVE-2022-24895 Packagist Security Advisories symfony/security-bundle high CVE-2022-24895: Possible CSRF token fixation... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.50|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.20|>=6.0.0,<6.0.20|>=6.1.0,<6.1.12|>=6.2.0,<6.2.6
Golf (Symfony) CVE-2021-41268 Packagist Security Advisories symfony/security-bundle high CVE-2021-41268: Remember me cookie persistance after password changes... >=5.3.0,<5.3.12
Golf (Symfony) CVE-2018-11406 Packagist Security Advisories symfony/security-bundle high CVE-2018-11406: CSRF Token Fixation... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Golf (Symfony) CVE-2018-11408 Packagist Security Advisories symfony/security-bundle high CVE-2018-11408: Open redirect vulnerability on security handlers... >=2.7.38,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Golf (Symfony) CVE-2021-21424 Packagist Security Advisories symfony/security-core high CVE-2021-21424: Prevent user enumeration via response content in authentication ... >=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.49|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.24|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.2.9
Golf (Symfony) CVE-2018-11407 Packagist Security Advisories symfony/security-core high CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an... >=2.8.0,<2.8.37|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.7|>=4.0.0,<4.0.7
Golf (Symfony) CVE-2017-11365 Packagist Security Advisories symfony/security-core high CVE-2017-11365: Empty passwords validation issue... >=2.7.30,<2.7.32|>=2.8.23,<2.8.25|>=3.2.10,<3.2.12|>=3.3.3,<3.3.5
Golf (Symfony) CVE-2016-2403 Packagist Security Advisories symfony/security-core high CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an ... >=2.8.0,<2.8.6|>=3.0.0,<3.0.6
Golf (Symfony) CVE-2016-1902 Packagist Security Advisories symfony/security-core high CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails ... >=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.13|>=2.7.0,<2.7.9
Golf (Symfony) CVE-2018-11406 Packagist Security Advisories symfony/security-csrf high CVE-2018-11406: CSRF Token Fixation... >=2.4.0,<2.7.48|>=2.5.0,<2.7.48|>=2.6.0,<2.7.48|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Golf (Symfony) CVE-2017-16653 Packagist Security Advisories symfony/security-csrf high CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS... >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13
Golf (Symfony) CVE-2026-48489 Packagist Security Advisories symfony/security-http high CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthe... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.53|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.41|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.13|>=8.0.0,<8.0.13
Golf (Symfony) CVE-2026-45069 Packagist Security Advisories symfony/security-http high CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims... >=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2026-45063 Packagist Security Advisories symfony/security-http high CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2026-45074 Packagist Security Advisories symfony/security-http high CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cr... >=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2026-45075 Packagist Security Advisories symfony/security-http high CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / ... >=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2024-51996 Packagist Security Advisories symfony/security-http high CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie... >=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8
Golf (Symfony) CVE-2023-46733 Packagist Security Advisories symfony/security-http high CVE-2023-46733: Possible session fixation... >=5.4.0,<5.4.31|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.3.8
Golf (Symfony) CVE-2021-32693 Packagist Security Advisories symfony/security-http high CVE-2021-32693: Authentication granted to all firewalls instead of just one... >=5.3.0,<5.3.2
Golf (Symfony) CVE-2021-21424 Packagist Security Advisories symfony/security-http high CVE-2021-21424: Prevent user enumeration via response content in authentication ... >=5.1.0,<5.2.0|>=5.2.0,<5.2.8
Golf (Symfony) CVE-2020-5275 Packagist Security Advisories symfony/security-http high CVE-2020-5275: All rules set in "access_control" are required when the firewall ... >=4.4.0,<4.4.7|>=5.0.0,<5.0.7
Golf (Symfony) CVE-2019-18886 Packagist Security Advisories symfony/security-http high CVE-2019-18886: Prevent user enumeration using switch user functionality... >=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Golf (Symfony) CVE-2019-10911 Packagist Security Advisories symfony/security-http high CVE-2019-10911: Add a separator in the remember me cookie hash... >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Golf (Symfony) CVE-2018-19790 Packagist Security Advisories symfony/security-http high CVE-2018-19790: Open Redirect Vulnerability on login... >=2.7.38,<2.7.50|>=2.8.0,<2.8.49|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.20|>=4.0.0,<4.0.15|>=4.1.0,<4.1.9|>=4.2.0,<4.2.1
Golf (Symfony) CVE-2018-11406 Packagist Security Advisories symfony/security-http high CVE-2018-11406: CSRF Token Fixation... >=2.4.0,<2.7.48|>=2.5.0,<2.7.48|>=2.6.0,<2.7.48|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Golf (Symfony) CVE-2018-11385 Packagist Security Advisories symfony/security-http high CVE-2018-11385: Session Fixation Issue for Guard Authentication... >=2.4.0,<2.7.48|>=2.5.0,<2.7.48|>=2.6.0,<2.7.48|>=2.7.0,<2.7.48|>=2.8.0,<2.8.41|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.3.17|>=3.4.0,<3.4.11|>=4.0.0,<4.0.11
Golf (Symfony) CVE-2017-16652 Packagist Security Advisories symfony/security-http high CVE-2017-16652: Open redirect vulnerability on security handlers... >=2.7.0,<2.7.38|>=2.8.0,<2.8.31|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.2.14|>=3.3.0,<3.3.13
Golf (Symfony) CVE-2016-4423 Packagist Security Advisories symfony/security-http high CVE-2016-4423: Large username storage in session... >=2.3.0,<2.3.41|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.7.13|>=2.8.0,<2.8.6|>=3.0.0,<3.0.6
Golf (Symfony) CVE-2015-8124 Packagist Security Advisories symfony/security-http high CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature... >=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.12|>=2.7.0,<2.7.7
Golf (Symfony) CVE-2015-8125 Packagist Security Advisories symfony/security-http high CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember... >=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.6.12|>=2.7.0,<2.7.7
Golf (Symfony) CVE-2021-41270 Packagist Security Advisories symfony/serializer high CVE-2021-41270: Prevent CSV Injection via formulas... >=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.35|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.3.12
Golf (Symfony) CVE-2026-45072 Packagist Security Advisories symfony/twig-bridge high CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescape... >=6.4.24,<6.4.40
Golf (Symfony) CVE-2023-46734 Packagist Security Advisories symfony/twig-bridge high CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.5.0|>=2.5.0,<2.6.0|>=2.6.0,<2.7.0|>=2.7.0,<2.8.0|>=2.8.0,<3.0.0|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<4.0.0|>=4.0.0,<4.1.0|>=4.1.0,<4.2.0|>=4.2.0,<4.3.0|>=4.3.0,<4.4.0|>=4.4.0,<4.4.51|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.31|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.3.8
Golf (Symfony) CVE-2024-50343 Packagist Security Advisories symfony/validator high CVE-2024-50343: Incorrect response from Validator when input ends with ` `... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.43|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.11|>=7.0.0,<7.1.0|>=7.1.0,<7.1.4
Golf (Symfony) CVE-2013-4751 Packagist Security Advisories symfony/validator high Validation metadata serialization and loss of information... >=2.0.0,<2.0.24|>=2.1.0,<2.1.12|>=2.2.0,<2.2.5|>=2.3.0,<2.3.3
Golf (Symfony) CVE-2019-11325 Packagist Security Advisories symfony/var-exporter high CVE-2019-11325: Fix escaping of strings in VarExporter... >=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Golf (Symfony) CVE-2026-45304 Packagist Security Advisories symfony/yaml high CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collecti... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2026-45305 Packagist Security Advisories symfony/yaml high CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::clean... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2026-45133 Packagist Security Advisories symfony/yaml high CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested B... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2013-1397 Packagist Security Advisories symfony/yaml high Ability to enable/disable object support in YAML parsing and dumping... >=2.0.0,<2.0.22|>=2.1.0,<2.1.7
Golf (Symfony) CVE-2013-1348 Packagist Security Advisories symfony/yaml high Ability to enable/disable PHP parsing in Yaml::parse()... >=2.0.0,<2.0.22
Golf (Symfony) CVE-2026-48808 Packagist Security Advisories twig/twig high Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInt... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Golf (Symfony) CVE-2026-48805 Packagist Security Advisories twig/twig high Sandbox state regression in deprecated internal wrappers in `src/Resources/core.... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Golf (Symfony) CVE-2026-46636 Packagist Security Advisories twig/twig high Sandbox filter, tag and function allow-list bypass when sandbox state changes be... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Golf (Symfony) CVE-2026-48806 Packagist Security Advisories twig/twig high Sandbox `__toString()` policy bypass via dynamic mapping keys... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Golf (Symfony) CVE-2026-48807 Packagist Security Advisories twig/twig high Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.27.0
Golf (Symfony) CVE-2026-46640 Packagist Security Advisories twig/twig high Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation... >=3.15.0,<3.26.0
Golf (Symfony) CVE-2026-46628 Packagist Security Advisories twig/twig high The `spaceless` filter implicitly marks its output as safe... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Golf (Symfony) CVE-2026-46633 Packagist Security Advisories twig/twig high PHP code injection via `{% use %}` template name... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Golf (Symfony) CVE-2026-47730 Packagist Security Advisories twig/twig high XSS in profiler HtmlDumper via unescaped template and profile names... >=3.0.0,<3.26.0
Golf (Symfony) CVE-2026-46639 Packagist Security Advisories twig/twig high Sandbox property and method bypass via object-destructuring assignment... >=3.24.0,<3.26.0
Golf (Symfony) CVE-2026-46627 Packagist Security Advisories twig/twig high Sandbox does not protect against resource exhaustion... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Golf (Symfony) CVE-2026-46635 Packagist Security Advisories twig/twig high Sandbox property allowlist bypass via the `column` filter (array_column on objec... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Golf (Symfony) CVE-2026-46638 Packagist Security Advisories twig/twig high `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomple... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Golf (Symfony) CVE-2026-24425 Packagist Security Advisories twig/twig high Possible sandbox bypass when using a source policy... >=2.16.0,<3.0.0|>=3.9.0,<3.26.0
Golf (Symfony) CVE-2026-47732 Packagist Security Advisories twig/twig high Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion p... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.26.0
Golf (Symfony) CVE-2026-46634 Packagist Security Advisories twig/twig high `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized t... >=3.9.0,<3.26.0
Golf (Symfony) CVE-2025-24374 Packagist Security Advisories twig/twig high Missing output escaping for the null coalesce operator... >=3.16.0,<3.19.0
Golf (Symfony) CVE-2024-51754 Packagist Security Advisories twig/twig high Unguarded calls to __toString() when nesting an object into an array... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1
Golf (Symfony) CVE-2024-51755 Packagist Security Advisories twig/twig high Unguarded calls to __isset() and to array-accesses when the sandbox is enabled... >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1
Golf (Symfony) CVE-2024-45411 Packagist Security Advisories twig/twig high Possible sandbox bypass... >=1.0.0,<1.44.7|>=2.0.0,<2.16.0|>=3.0.0,<3.11.0|>=3.12.0,<3.14.0
Golf (Symfony) CVE-2022-39261 Packagist Security Advisories twig/twig high Possibility to load a template outside a configured directory when using the fil... >=1.0.0,<1.44.7|>=2.0.0,<2.15.3|>=3.0.0,<3.4.3
Golf (Symfony) CVE-2022-23614 Packagist Security Advisories twig/twig high Disallow non closures in the sort filter... >=2.0.0,<2.14.11|>=3.0.0,<3.3.8
Golf (Symfony) CVE-2019-9942 Packagist Security Advisories twig/twig high Sandbox Information Disclosure... <1.38.0|>=2.0.0,<2.7.0
Golf (Symfony) CVE-2015-7809 Packagist Security Advisories twig/twig high Remote code execution in templates... <1.20.0
Golf (Symfony) CVE-2026-41570 Packagist Security Advisories phpunit/phpunit high Argument injection via newline in PHP INI values forwarded to child processes... >=12.5.21,<12.5.22|>=13.1.5,<13.1.6
Golf (Symfony) CVE-2026-24765 Packagist Security Advisories phpunit/phpunit high Unsafe Deserialization in PHPT Code Coverage Handling... >=0,<8.5.52|>=9.0.0,<9.6.33|>=10.0.0,<10.5.62|>=11.0.0,<11.5.50|>=12.0.0,<12.5.8
Golf (Symfony) CVE-2017-9841 Packagist Security Advisories phpunit/phpunit high RCE vulnerability in phpunit... >=5.0.10,<5.6.3|>=4.8.19,<4.8.28
Golf (Symfony) CVE-2026-45071 Packagist Security Advisories symfony/dom-crawler high CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via v... >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2021-21424 Packagist Security Advisories symfony/maker-bundle high CVE-2021-21424: Prevent user enumeration via response content in authentication ... >=1.27.0,<1.28.0|>=1.28.0,<1.29.0|>=1.29.0,<1.29.2|>=1.30.0,<1.31.0|>=1.31.0,<1.31.1
Golf (Symfony) CVE-2019-10912 Packagist Security Advisories symfony/phpunit-bridge high CVE-2019-10912: Prevent destructors with side-effects from being unserialized... >=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Golf (Symfony) CVE-2026-45072 Packagist Security Advisories symfony/web-profiler-bundle high CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescape... >=7.2.9,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Golf (Symfony) CVE-2014-6072 Packagist Security Advisories symfony/web-profiler-bundle high CSRF vulnerability in the Web Profiler... >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.19|>=2.4.0,<2.4.9|>=2.5.0,<2.5.4
Golf (Symfony) CVE-2026-5773 Trivy image debian curl high curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse... N/A
Golf (Symfony) CVE-2026-6276 Trivy image debian curl high curl: libcurl: Information disclosure due to cookie leak when reusing connection... N/A
Golf (Symfony) CVE-2026-5773 Trivy image debian libcurl4t64 high curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse... N/A
Golf (Symfony) CVE-2026-6276 Trivy image debian libcurl4t64 high curl: libcurl: Information disclosure due to cookie leak when reusing connection... N/A
Golf (Symfony) CVE-2026-40356 Trivy image debian libgssapi-krb5-2 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.21.3-5+deb13u1
Golf (Symfony) CVE-2026-40356 Trivy image debian libk5crypto3 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.21.3-5+deb13u1
Golf (Symfony) CVE-2026-40356 Trivy image debian libkrb5-3 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.21.3-5+deb13u1
Golf (Symfony) CVE-2026-40356 Trivy image debian libkrb5support0 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.21.3-5+deb13u1
Golf (Symfony) CVE-2026-42497 Trivy image debian libperl5.40 high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Golf (Symfony) CVE-2026-48962 Trivy image debian libperl5.40 high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Golf (Symfony) CVE-2026-9538 Trivy image debian libperl5.40 high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Golf (Symfony) CVE-2026-7598 Trivy image debian libssh2-1t64 high libssh2: integer overflow via large username or password arguments... N/A
Golf (Symfony) CVE-2025-69720 Trivy image debian libtinfo6 high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Golf (Symfony) CVE-2026-6732 Trivy image debian libxml2 high libxml2: libxml2: Denial of Service via crafted XSD-validated document... N/A
Golf (Symfony) CVE-2013-7445 Trivy image debian linux-libc-dev high kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects... N/A
Golf (Symfony) CVE-2019-19449 Trivy image debian linux-libc-dev high kernel: mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds ... N/A
Golf (Symfony) CVE-2019-19814 Trivy image debian linux-libc-dev high kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c... N/A
Golf (Symfony) CVE-2021-3847 Trivy image debian linux-libc-dev high kernel: low-privileged user privileges escalation... N/A
Golf (Symfony) CVE-2021-3864 Trivy image debian linux-libc-dev high kernel: descendant's dumpable setting with certain SUID binaries... N/A
Golf (Symfony) CVE-2024-21803 Trivy image debian linux-libc-dev high kernel: bluetooth: use-after-free vulnerability in af_bluetooth.c... N/A
Golf (Symfony) CVE-2024-58015 Trivy image debian linux-libc-dev high kernel: wifi: ath12k: Fix for out-of bound access error... N/A
Golf (Symfony) CVE-2024-58093 Trivy image debian linux-libc-dev high kernel: Linux kernel: PCI/ASPM use-after-free during hot-unplug... N/A
Golf (Symfony) CVE-2025-22104 Trivy image debian linux-libc-dev high kernel: ibmvnic: Use kernel helpers for hex dumps... N/A
Golf (Symfony) CVE-2025-38137 Trivy image debian linux-libc-dev high kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering... N/A
Golf (Symfony) CVE-2025-38187 Trivy image debian linux-libc-dev high kernel: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()... N/A
Golf (Symfony) CVE-2025-38204 Trivy image debian linux-libc-dev high kernel: jfs: fix array-index-out-of-bounds read in add_missing_indices... N/A
Golf (Symfony) CVE-2025-38206 Trivy image debian linux-libc-dev high kernel: Kernel: Double free vulnerability in exFAT filesystem can lead to denial... N/A
Golf (Symfony) CVE-2025-38421 Trivy image debian linux-libc-dev high kernel: platform/x86/amd: pmf: Use device managed allocations... N/A
Golf (Symfony) CVE-2025-38636 Trivy image debian linux-libc-dev high kernel: rv: Use strings in da monitors tracepoints... N/A
Golf (Symfony) CVE-2025-39859 Trivy image debian linux-libc-dev high kernel: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog... N/A
Golf (Symfony) CVE-2025-39862 Trivy image debian linux-libc-dev high kernel: wifi: mt76: mt7915: fix list corruption after hardware restart... N/A
Golf (Symfony) CVE-2025-39958 Trivy image debian linux-libc-dev high kernel: iommu/s390: Make attach succeed when the device was surprise removed... N/A
Golf (Symfony) CVE-2026-23102 Trivy image debian linux-libc-dev high kernel: Linux kernel: Denial of Service due to incorrect SVE context restoration... N/A
Golf (Symfony) CVE-2026-23171 Trivy image debian linux-libc-dev high kernel: Linux kernel: Use-after-free in bonding module can cause system crash or... 6.12.90-1
Golf (Symfony) CVE-2026-23208 Trivy image debian linux-libc-dev high kernel: ALSA: usb-audio: Prevent excessive number of frames... N/A
Golf (Symfony) CVE-2026-23327 Trivy image debian linux-libc-dev high kernel: cxl/mbox: validate payload size before accessing contents in cxl_payload... N/A
Golf (Symfony) CVE-2026-31493 Trivy image debian linux-libc-dev high kernel: RDMA/efa: Fix use of completion ctx after free... N/A
Golf (Symfony) CVE-2026-31568 Trivy image debian linux-libc-dev high kernel: s390/mm: Add missing secure storage access fixups for donated memory... N/A
Golf (Symfony) CVE-2026-31663 Trivy image debian linux-libc-dev high kernel: xfrm: hold dev ref until after transport_finish NF_HOOK... N/A
Golf (Symfony) CVE-2026-31688 Trivy image debian linux-libc-dev high kernel: driver core: enforce device_lock for driver_match_device()... N/A
Golf (Symfony) CVE-2026-43198 Trivy image debian linux-libc-dev high kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()... N/A
Golf (Symfony) CVE-2026-43494 Trivy image debian linux-libc-dev high kernel: net/rds: reset op_nents when zerocopy page pin fails... 6.12.90-2
Golf (Symfony) CVE-2026-43503 Trivy image debian linux-libc-dev high kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers... 6.12.90-1
Golf (Symfony) CVE-2026-45932 Trivy image debian linux-libc-dev high kernel: bpf: Fix tcx/netkit detach permissions when prog fd isn't given... N/A
Golf (Symfony) CVE-2026-46054 Trivy image debian linux-libc-dev high kernel: selinux: fix overlayfs mmap() and mprotect() access checks... N/A
Golf (Symfony) CVE-2026-46117 Trivy image debian linux-libc-dev high kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()... N/A
Golf (Symfony) CVE-2026-46181 Trivy image debian linux-libc-dev high kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()... N/A
Golf (Symfony) CVE-2026-46209 Trivy image debian linux-libc-dev high kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init... 6.12.90-1
Golf (Symfony) CVE-2026-46227 Trivy image debian linux-libc-dev high kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDAL... 6.12.90-1
Golf (Symfony) CVE-2026-46300 Trivy image debian linux-libc-dev high kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM lea... 6.12.90-1
Golf (Symfony) CVE-2025-69720 Trivy image debian ncurses-base high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Golf (Symfony) CVE-2025-69720 Trivy image debian ncurses-bin high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Golf (Symfony) CVE-2026-42497 Trivy image debian perl high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Golf (Symfony) CVE-2026-48962 Trivy image debian perl high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Golf (Symfony) CVE-2026-9538 Trivy image debian perl high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Golf (Symfony) CVE-2026-42497 Trivy image debian perl-base high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Golf (Symfony) CVE-2026-48962 Trivy image debian perl-base high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Golf (Symfony) CVE-2026-9538 Trivy image debian perl-base high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Golf (Symfony) CVE-2026-42497 Trivy image debian perl-modules-5.40 high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Golf (Symfony) CVE-2026-48962 Trivy image debian perl-modules-5.40 high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Golf (Symfony) CVE-2026-9538 Trivy image debian perl-modules-5.40 high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Golf (Symfony) DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
Hugo Scraper API (Salesforce Integration) CVE-2026-33846 Trivy image debian libgnutls30 high gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fra... 3.7.9-2+deb12u7
Hugo Scraper API (Salesforce Integration) CVE-2026-3833 Trivy image debian libgnutls30 high gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison... 3.7.9-2+deb12u7
Hugo Scraper API (Salesforce Integration) CVE-2026-42009 Trivy image debian libgnutls30 high gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability... 3.7.9-2+deb12u7
Hugo Scraper API (Salesforce Integration) CVE-2026-40356 Trivy image debian libgssapi-krb5-2 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.20.1-2+deb12u5
Hugo Scraper API (Salesforce Integration) CVE-2026-40356 Trivy image debian libk5crypto3 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.20.1-2+deb12u5
Hugo Scraper API (Salesforce Integration) CVE-2026-40356 Trivy image debian libkrb5-3 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.20.1-2+deb12u5
Hugo Scraper API (Salesforce Integration) CVE-2026-40356 Trivy image debian libkrb5support0 high krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-... 1.20.1-2+deb12u5
Hugo Scraper API (Salesforce Integration) CVE-2025-69720 Trivy image debian libncursesw6 high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Hugo Scraper API (Salesforce Integration) CVE-2025-69720 Trivy image debian libtinfo6 high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Hugo Scraper API (Salesforce Integration) CVE-2025-69720 Trivy image debian ncurses-base high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Hugo Scraper API (Salesforce Integration) CVE-2025-69720 Trivy image debian ncurses-bin high ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execu... N/A
Hugo Scraper API (Salesforce Integration) CVE-2026-42497 Trivy image debian perl-base high Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...... N/A
Hugo Scraper API (Salesforce Integration) CVE-2026-48962 Trivy image debian perl-base high perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-contro... N/A
Hugo Scraper API (Salesforce Integration) CVE-2026-9538 Trivy image debian perl-base high Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...... N/A
Hugo Scraper API (Salesforce Integration) CVE-2026-23949 Trivy image python-pkg jaraco.context high jaraco.context: jaraco.context: Path traversal via malicious tar archives... 6.1.0
Hugo Scraper API (Salesforce Integration) CVE-2026-24049 Trivy image python-pkg wheel high wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious whe... 0.46.2
Hugo Scraper API (Salesforce Integration) CVE-2026-24049 Trivy image python-pkg wheel high wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious whe... 0.46.2
Hugo Scraper API (Salesforce Integration) DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
Hugo Scraper API (Salesforce Integration) HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
PovCom WordPress HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
Product CMS (Strapi) CVE-2024-21538 Trivy image node-pkg cross-spawn high cross-spawn: regular expression denial of service... 7.0.5, 6.0.6
Product CMS (Strapi) CVE-2025-64756 Trivy image node-pkg glob high glob: glob: Command Injection Vulnerability via Malicious Filenames... 11.1.0, 10.5.0
Product CMS (Strapi) CVE-2026-26996 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service via specially crafted glob patterns... 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Product CMS (Strapi) CVE-2026-27903 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service due to unbounded recursive backtracking ... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Product CMS (Strapi) CVE-2026-27904 Trivy image node-pkg minimatch high minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob ex... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Product CMS (Strapi) CVE-2026-23745 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsa... 7.5.3
Product CMS (Strapi) CVE-2026-23950 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision rac... 7.5.4
Product CMS (Strapi) CVE-2026-24842 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in ha... 7.5.7
Product CMS (Strapi) CVE-2026-26960 Trivy image node-pkg tar high node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink cre... 7.5.8
Product CMS (Strapi) CVE-2026-29786 Trivy image node-pkg tar high node-tar: hardlink path traversal via drive-relative linkpath... 7.5.10
Product CMS (Strapi) CVE-2026-31802 Trivy image node-pkg tar high tar: tar: File overwrite via drive-relative symlink traversal... 7.5.11
Product CMS (Strapi) DOCKERFILE-ROOT-USER Dockerfile static checks dockerfile high Container runs as root user... N/A
Product CMS (Strapi) HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
SRO WordPress 2021-2 HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
SURI WordPress 2025 HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured
Sběr účtů pro cashback CVE-2024-21538 Trivy image node-pkg cross-spawn high cross-spawn: regular expression denial of service... 7.0.5, 6.0.6
Sběr účtů pro cashback CVE-2025-64756 Trivy image node-pkg glob high glob: glob: Command Injection Vulnerability via Malicious Filenames... 11.1.0, 10.5.0
Sběr účtů pro cashback CVE-2026-26996 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service via specially crafted glob patterns... 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Sběr účtů pro cashback CVE-2026-27903 Trivy image node-pkg minimatch high minimatch: minimatch: Denial of Service due to unbounded recursive backtracking ... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Sběr účtů pro cashback CVE-2026-27904 Trivy image node-pkg minimatch high minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob ex... 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Sběr účtů pro cashback CVE-2026-23745 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsa... 7.5.3
Sběr účtů pro cashback CVE-2026-23950 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision rac... 7.5.4
Sběr účtů pro cashback CVE-2026-24842 Trivy image node-pkg tar high node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in ha... 7.5.7
Sběr účtů pro cashback CVE-2026-26960 Trivy image node-pkg tar high node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink cre... 7.5.8
Sběr účtů pro cashback CVE-2026-29786 Trivy image node-pkg tar high node-tar: hardlink path traversal via drive-relative linkpath... 7.5.10
Sběr účtů pro cashback CVE-2026-31802 Trivy image node-pkg tar high tar: tar: File overwrite via drive-relative symlink traversal... 7.5.11
Sběr účtů pro cashback HELM-NO-RUN-AS-NON-ROOT HelmScanner helm-values high Container not configured to run as non-root... configured