VIR Vulnerability Intelligence Relay

Package impact

php Packagist / twig/twig

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-46633 critical 9.5 9d ago Twig: PHP code injection via `{% use %}` template name debianphp
CVE-2026-24425 high 8.8 8.8 9d ago Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH… debianphp
CVE-2026-46639 high 8.0 9d ago Twig: Sandbox property and method bypass via object-destructuring assignment debianphp
CVE-2026-46640 high 8.0 9d ago Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation debianphp
CVE-2015-7809 medium 6.8 11y ago Twig remote code execution in templates php
CVE-2026-46634 medium 5.5 9d ago Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name debianphp
CVE-2026-46638 medium 5.5 9d ago Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411) debianphp