Twigphp Twig
7 CVEs affecting Twigphp Twig. Latest disclosed: 2026-05-20. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-24425 | High | 8.8 | 2026-05-20 | Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template ren… |
| CVE-2022-23614 | High | 8.8 | 2022-02-04 | Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being… |
| CVE-2024-45411 | High | 8.6 | 2024-09-09 | Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sa… |
| CVE-2022-39261 | High | 7.5 | 2022-09-28 | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader lo… |
| CVE-2025-24374 | Medium | 4.3 | 2025-01-29 | Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerab… |
| CVE-2024-51754 | Low | 2.2 | 2024-11-06 | Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the sec… |
| CVE-2024-51755 | Low | 2.2 | 2024-11-06 | Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. The… |