symfony/ux-autocomplete Security Advisories for v2.6.1 (3)
-
symfony/ux-autocomplete Information exposure via unescaped LIKE wildcards in EntitySearchUtil
PKSA-msh7-gxqk-k56q CVE-2026-49211
Affected version: >=2.2.0,<2.36.0|>=3.0.0,<3.1.0
Reported by:
FriendsOfPHP/security-advisories -
symfony/ux-autocomplete XSS via unescaped AJAX response data
PKSA-q7f1-2s55-5c1z CVE-2026-49216
Affected version: >=2.2.0,<2.36.0|>=3.0.0,<3.1.0
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields
PKSA-zd85-xqcq-9zb8 CVE-2023-41336 GHSA-4cpv-669c-r79x
Affected version: <2.11.2
Reported by:
GitHub, FriendsOfPHP/security-advisories