symfony security advisories
2 threat alerts tracking vulnerabilities and security advisories that affect symfony products.
Vulnios monitors symfony CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent symfony security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-46633 — symfony — twig
Twig is a template language for PHP. Prior to 3.26.0, Compiler::string() does not escape single quotes when a template name from a {% use %} tag is placed inside a PHP single-quoted string literal, al
criticalCVE-2026-46633Critical Vulnerability: CVE-2026-46634 — symfony — twig
Twig is a template language for PHP. From 3.9.0 until 3.26.0, template_from_string() compiles an inner template under a synthesized __string_template__<hash> name that can fall outside a SourcePolicyI
criticalCVE-2026-46634
Track symfony exposure across your environment
Vulnios automatically cross-references your asset inventory against new symfony CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan