Package impact
COMPOSER / twig/twig
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46633 | critical | — | 9.5 | 11d ago | Twig: PHP code injection via `{% use %}` template name | |||
| CVE-2026-46639 | high | — | 8.0 | 11d ago | Twig: Sandbox property and method bypass via object-destructuring assignment | |||
| CVE-2026-46640 | high | — | 8.0 | 11d ago | Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation |