Every CVE whose affected-product data names Symfony Twig, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-13818 — CVSS 9.8 (critical): Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig…
CVE-2026-24425 — CVSS 8.8 (high): Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows…
CVE-2022-23614 — CVSS 8.8 (high): Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to…
CVE-2024-45411 — CVSS 8.5 (high): Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed…
CVE-2001-1537 — CVSS 7.5 (high): The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies…
CVE-2022-39261 — CVSS 7.5 (high): Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the…
CVE-2015-7809 — CVSS 6.8 (medium): The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute…
CVE-2019-9942 — CVSS 3.7 (low): A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to…