Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
Twig has a possible sandbox bypass Moderate
CVE-2024-45411 was published for twig/twig (Composer) Sep 9, 2024
fabpot Credited to fabpot and stof stof stof
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje Credited to maantje and fabpot fabpot fabpot
Twig security issue where escaping was missing when using null coalesce operator Moderate
CVE-2025-24374 was published for twig/twig (Composer) Jan 29, 2025
PhilETaylor Credited to PhilETaylor and fabpot fabpot fabpot
Twig: Possible sandbox bypass when using a source policy High
CVE-2026-24425 was published for twig/twig (Composer) Jun 5, 2026
fabpot Credited to fabpot, wsparks-vc, XavLimSG, and Vincent550102 wsparks-vc wsparks-vc
XavLimSG XavLimSG Vincent550102 Vincent550102
Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points High
CVE-2026-47732 was published for twig/twig (Composer) Jun 5, 2026
fabpot Credited to fabpot
Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php` Low
CVE-2026-48805 was published for twig/twig (Composer) Jun 30, 2026
fabpot Credited to fabpot
Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys Moderate
CVE-2026-48806 was published for twig/twig (Composer) Jun 30, 2026
fabpot Credited to fabpot
Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters Moderate
CVE-2026-48807 was published for twig/twig (Composer) Jun 30, 2026
fabpot Credited to fabpot
Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface` Moderate
CVE-2026-48808 was published for twig/twig (Composer) Jun 30, 2026
fabpot Credited to fabpot
fabpot Credited to fabpot
ProTip! Advisories are also available from the GraphQL API