| CVE | Severity | Score 1 | Score 2 | Age | Title / summary |
|---|---|---|---|---|---|
| CVE-2026-46633 | critical | — | 9.5 | 9d ago | Twig: PHP code injection via `{% use %}` template name |
| CVE-2026-24425 | high | 8.8 | 8.8 | 9d ago | Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH… |
| CVE-2026-46640 | high | — | 8.0 | 9d ago | Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation |
| CVE-2026-46639 | high | — | 8.0 | 9d ago | Twig: Sandbox property and method bypass via object-destructuring assignment |
| CVE-2026-46635 | low | — | 2.5 | 9d ago | Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects) |
| CVE-2026-46628 | low | — | 2.5 | 9d ago | Twig: The `spaceless` filter implicitly marks its output as safe |
| CVE-2026-48808 | unknown | — | — | 1d ago | Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface` |
| CVE-2026-46636 | unknown | — | — | 1d ago | Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders |
| CVE-2026-48805 | unknown | — | — | 1d ago | Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php` |
| CVE-2026-48806 | unknown | — | — | 1d ago | Sandbox `__toString()` policy bypass via dynamic mapping keys |
| CVE-2026-48807 | unknown | — | — | 1d ago | Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `in`/`not in` operators |
| CVE-2026-46627 | unknown | — | — | 9d ago | Sandbox does not protect against resource exhaustion |
| CVE-2026-47730 | unknown | — | — | 9d ago | XSS in profiler HtmlDumper via unescaped template and profile names |
| CVE-2026-47732 | unknown | — | — | 9d ago | Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points |
| CVE-2025-24374 | unknown | — | — | 1y ago | Twig is a template language for PHP. When using the `??` operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0. |
| CVE-2024-51755 | unknown | — | — | 2y ago | Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property polic… |
| CVE-2024-51754 | unknown | — | — | 2y ago | Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of … |
| CVE-2024-45411 | unknown | — | — | 2y ago | Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability i… |
| CVE-2022-39261 | unknown | — | — | 4y ago | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a us… |
| CVE-2022-23614 | unknown | — | — | 4y ago | Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In… |