[HIGH] CVE-2022-23601: CSRF token missing in forms

PKSA-br8k-ghrn-5w34 CVE-2022-23601 GHSA-vvmr-8829-6whx

Affected version: >=5.3.14,<5.3.15|>=5.4.3,<5.4.4|>=6.0.3,<6.0.4

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] CVE-2019-10909: Escape validation messages in the PHP templating engine

PKSA-q2sm-x6px-qrth CVE-2019-10909 GHSA-g996-q5r8-w7g2

Affected version: >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Code injection in the way Symfony implements translation caching in FrameworkBundle

PKSA-vhr9-kcbz-8dgv CVE-2014-4931 GHSA-wfv7-5x33-v22h

Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.3.18|>=2.4.0,<2.4.8|>=2.5.0,<2.5.2

Reported by:
GitHub, FriendsOfPHP/security-advisories