symfony/ux-autocomplete
Packagist
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting symfony/ux-autocomplete (page 1 of 1)
- CVE-2023-41336 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.11.2 | 2023-09-11
vulnerable: v2.10.0 ... v2.9.1 (15 versions)
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed…
- CVE-2026-49211 | MEDIUM | CVSS 0.0 | EG 0.0 | ✓ Fixed in 3.1.0 | 2026-06-19
vulnerable: v3.0.0
symfony/ux-autocomplete: Information exposure via unescaped LIKE wildcards in EntitySearchUtil. Description: `Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause()` builds the `LIKE` expression used by the autocomplete e…
- CVE-2026-49216 | MEDIUM | CVSS 0.0 | EG 0.0 | ✓ Fixed in 3.1.0 | 2026-06-19
vulnerable: v3.0.0
symfony/ux-autocomplete: XSS via unescaped AJAX response data. Description: The Stimulus controller shipped with `symfony/ux-autocomplete` renders AJAX response items into the dropdown by interpolating the `text` field directly into HT…