VIR Vulnerability Intelligence Relay

Package impact

php Packagist / twig/twig

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-46633 critical 9.5 8d ago Twig: PHP code injection via `{% use %}` template name debianphp
CVE-2015-7809 medium 6.8 11y ago Twig remote code execution in templates php
CVE-2026-46634 medium 5.5 8d ago Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name debianphp
CVE-2026-46638 medium 5.5 8d ago Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411) debianphp