Package impact
COMPOSER / twig/twig
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-46633 | critical | — | 9.5 | 8d ago | Twig: PHP code injection via `{% use %}` template name | |
| CVE-2026-46628 | low | — | 2.5 | 8d ago | Twig: The `spaceless` filter implicitly marks its output as safe | |
| CVE-2026-46635 | low | — | 2.5 | 8d ago | Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects) |