Browse all 6 CVE security advisories affecting twigphp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TwigPHP is a templating engine for PHP primarily used for separating application logic from presentation in web development. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input handling and sandbox bypasses. The project maintains a security-focused approach with regular updates, though past incidents like CVE-2022-41738 (RCE via sandbox escape) highlight ongoing risks. With six CVEs recorded, TwigPHP remains a critical component requiring strict input validation and timely patching to prevent potential compromises in applications relying on its templating capabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24374 | Twig fixes a security issue where escaping was missing when using null coalesce operator (??) — TwigCWE-74 | 4.3 | Medium | 2025-01-29 |
| CVE-2024-51754 | Unguarded calls to __toString() when nesting an object into an array in Twig — TwigCWE-668 | 2.2 | Low | 2024-11-06 |
| CVE-2024-51755 | Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig — TwigCWE-668 | 2.2 | Low | 2024-11-06 |
| CVE-2024-45411 | Twig has a possible sandbox bypass — TwigCWE-693 | 8.6 | High | 2024-09-09 |
| CVE-2022-39261 | Twig may load a template outside a configured directory when using the filesystem loader — TwigCWE-22 | 7.5 | High | 2022-09-28 |
| CVE-2022-23614 | Code injection in Twig — TwigCWE-74 | 8.8 | High | 2022-02-04 |
This page lists every published CVE security advisory associated with twigphp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.