Symfony: 5.3.16 → 5.4.50
Symfony · upgrade impact · Official site ↗
Fixed by upgrading to 5.4.50 iVulnerabilities that affect 5.3.16 but no longer affect 5.4.50 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2025-64500 HIGH EPSS 6% ✓ cleared in 5.4.50 CVE-2023-46734 MEDIUM EPSS 3% ✓ cleared in 5.4.50 CVE-2024-51736 NONE EPSS 1% ✓ cleared in 5.4.50 CVE-2024-50345 LOW EPSS 0% ✓ cleared in 5.4.50 CVE-2022-24894 MEDIUM EPSS 0% ✓ cleared in 5.4.50 CVE-2022-24895 MEDIUM EPSS 0% ✓ cleared in 5.4.50Still open in 5.4.50 iKnown vulnerabilities that affect 5.4.50 too — upgrading to it does not clear these.
These affect 5.4.50 as well — a later release may be needed.
CVE-2026-24739 MEDIUM EPSS 0% → fixed in 8.0.5