All 6 CVE vulnerabilities found in Twig, with AI-generated Chinese analysis, references, and POCs.
Vendor: twigphp

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-24374 | Twig fixes a security issue where escaping was missing when using null coalesce operator (??) | CWE-74 | 4.3 | Medium | 2025-01-29 |
| CVE-2024-51754 | Unguarded calls to __toString() when nesting an object into an array in Twig | CWE-668 | 2.2 | Low | 2024-11-06 |
| CVE-2024-51755 | Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig | CWE-668 | 2.2 | Low | 2024-11-06 |
| CVE-2024-45411 | Twig has a possible sandbox bypass | CWE-693 | 8.6 | High | 2024-09-09 |
| CVE-2022-39261 | Twig may load a template outside a configured directory when using the filesystem loader | CWE-22 | 7.5 | High | 2022-09-28 |
| CVE-2022-23614 | Code injection in Twig | CWE-74 | 8.8 | High | 2022-02-04 |