HIGH 8.8 CVE-2026-24425 Twig: Possible sandbox bypass when using a source policy
from 0
from 0, < 2.14.3-1+deb11u1
from 0, < 2.14.3-1+deb11u1
HIGH 8.5 php-twig - security update
from 0, < 3.5.1-1+deb12u1
HIGH 8.5 php-twig - security update
from 0, < 2.14.3-1+deb11u3
HIGH 8.5 php-twig - security update
from 0, < 2.14.3-1+deb11u3
HIGH 7.5 php-twig - security update
from 0, < 2.14.3-1+deb11u2
HIGH 7.5 php-twig - security update
from 0, < 2.14.3-1+deb11u2
MEDIUM 4.3 Twig security issue where escaping was missing when using null coalesce operator
from 0
LOW 2.2 Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
from 0
LOW 2.2 php-twig - security update
from 0, < 2.14.3-1+deb11u4
LOW 2.2 php-twig - security update
from 0, < 2.14.3-1+deb11u4
— (no summary)
from 0
— (no summary)
from 0
— (no summary)
from 0
— (no summary)
from 0
— (no summary)
from 0
— Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points
from 0
— Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
from 0
— Twig: Sandbox property and method bypass via object-destructuring assignment
from 0, < 3.26.0-1
— Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
from 0
— Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
from 0
— Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)
from 0
— Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
from 0
— Twig: PHP code injection via `{% use %}` template name
from 0
— twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments
from 0
— Twig: The `spaceless` filter implicitly marks its output as safe
from 0
— Twig: XSS in profiler HtmlDumper via unescaped template and profile names
from 0
— (no summary)
from 0