Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/99331?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/99331?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie", "type": "deb", "namespace": "debian", "name": "php-twig", "version": "3.5.1-1+deb12u3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.8.0-4", "latest_non_vulnerable_version": "3.27.1-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/213226?format=api", "vulnerability_id": "VCID-1696-td9u-rfhz", "summary": "Twig: XSS in profiler HtmlDumper via unescaped template and profile names", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-47730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11434", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-47730" }, { "reference_url": "https://github.com/twigphp/Twig", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig" }, { "reference_url": "https://symfony.com/cve-2026-47730", "reference_id": "CVE-2026-47730", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2026-47730" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-47730.yaml", "reference_id": "CVE-2026-47730.YAML", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-47730.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-2g2g-8p8h-fgwm", "reference_id": "GHSA-2g2g-8p8h-fgwm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2g2g-8p8h-fgwm" }, { "reference_url": "https://github.com/twigphp/Twig/security/advisories/GHSA-2g2g-8p8h-fgwm", "reference_id": "GHSA-2g2g-8p8h-fgwm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-2g2g-8p8h-fgwm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99335?format=api", "purl": "pkg:deb/debian/php-twig@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99324?format=api", "purl": "pkg:deb/debian/php-twig@2.14.3-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gz2-ypah-a3h5" }, { "vulnerability": "VCID-2xh3-h389-euft" }, { "vulnerability": "VCID-6gnm-463a-ryd1" }, { "vulnerability": "VCID-ej3q-wh2d-c7dp" }, { "vulnerability": "VCID-fn89-2z7s-bbf3" }, { "vulnerability": "VCID-k2h4-zuu9-pbfe" }, { "vulnerability": "VCID-k8rw-ypuu-gkcw" }, { "vulnerability": "VCID-qxwp-jbbe-jugm" }, { "vulnerability": "VCID-xbrc-yrwh-dqaq" }, { "vulnerability": "VCID-y3m4-y1rf-bbbn" }, { "vulnerability": "VCID-yj87-u4zq-xkhn" }, { "vulnerability": "VCID-z6z6-8t1r-bqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@2.14.3-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99322?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xh3-h389-euft" }, { "vulnerability": "VCID-6gnm-463a-ryd1" }, { "vulnerability": "VCID-ej3q-wh2d-c7dp" }, { "vulnerability": "VCID-k8rw-ypuu-gkcw" }, { "vulnerability": "VCID-qxwp-jbbe-jugm" }, { "vulnerability": "VCID-xbrc-yrwh-dqaq" }, { "vulnerability": "VCID-yj87-u4zq-xkhn" }, { "vulnerability": "VCID-z6z6-8t1r-bqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99331?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99327?format=api", "purl": "pkg:deb/debian/php-twig@3.20.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99336?format=api", "purl": "pkg:deb/debian/php-twig@3.26.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99337?format=api", "purl": "pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99326?format=api", "purl": "pkg:deb/debian/php-twig@3.27.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-47730", "GHSA-2g2g-8p8h-fgwm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1696-td9u-rfhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211602?format=api", "vulnerability_id": "VCID-1gz2-ypah-a3h5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19077", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46637" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46637" }, { "reference_url": "https://github.com/twigphp/Twig", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig" }, { "reference_url": "https://symfony.com/cve-2026-46637", "reference_id": "CVE-2026-46637", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2026-46637" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/cssinliner-extra/CVE-2026-46637.yaml", "reference_id": "CVE-2026-46637.YAML", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/cssinliner-extra/CVE-2026-46637.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/markdown-extra/CVE-2026-46637.yaml", "reference_id": "CVE-2026-46637.YAML", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/markdown-extra/CVE-2026-46637.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jv8m-2544-3pg3", "reference_id": "GHSA-jv8m-2544-3pg3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jv8m-2544-3pg3" }, { "reference_url": "https://github.com/twigphp/Twig/security/advisories/GHSA-jv8m-2544-3pg3", "reference_id": "GHSA-jv8m-2544-3pg3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-jv8m-2544-3pg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99322?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xh3-h389-euft" }, { "vulnerability": "VCID-6gnm-463a-ryd1" }, { "vulnerability": "VCID-ej3q-wh2d-c7dp" }, { "vulnerability": "VCID-k8rw-ypuu-gkcw" }, { "vulnerability": "VCID-qxwp-jbbe-jugm" }, { "vulnerability": "VCID-xbrc-yrwh-dqaq" }, { "vulnerability": "VCID-yj87-u4zq-xkhn" }, { "vulnerability": "VCID-z6z6-8t1r-bqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99331?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99327?format=api", "purl": "pkg:deb/debian/php-twig@3.20.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99336?format=api", "purl": "pkg:deb/debian/php-twig@3.26.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99337?format=api", "purl": "pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99326?format=api", "purl": "pkg:deb/debian/php-twig@3.27.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-46637", "GHSA-jv8m-2544-3pg3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gz2-ypah-a3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35098?format=api", "vulnerability_id": "VCID-9nta-9jrh-sbaz", "summary": "Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33148", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33329", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51754" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2024-51754.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2024-51754.yaml" }, { "reference_url": "https://github.com/twigphp/Twig", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00039.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51754", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51754" }, { "reference_url": "https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086884", "reference_id": "1086884", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086884" }, { "reference_url": "https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73", "reference_id": "2bb8c2460a2c519c498df9b643d5277117155a73", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T19:40:22Z/" } ], "url": "https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73" }, { "reference_url": "https://github.com/advisories/GHSA-6377-hfv9-hqf6", "reference_id": "GHSA-6377-hfv9-hqf6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6377-hfv9-hqf6" }, { "reference_url": "https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6", "reference_id": "GHSA-6377-hfv9-hqf6", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T19:40:22Z/" } ], "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6" }, { "reference_url": "https://usn.ubuntu.com/7456-1/", "reference_id": "USN-7456-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7456-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99324?format=api", "purl": "pkg:deb/debian/php-twig@2.14.3-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gz2-ypah-a3h5" }, { "vulnerability": "VCID-2xh3-h389-euft" }, { "vulnerability": "VCID-6gnm-463a-ryd1" }, { "vulnerability": "VCID-ej3q-wh2d-c7dp" }, { "vulnerability": "VCID-fn89-2z7s-bbf3" }, { "vulnerability": "VCID-k2h4-zuu9-pbfe" }, { "vulnerability": "VCID-k8rw-ypuu-gkcw" }, { "vulnerability": "VCID-qxwp-jbbe-jugm" }, { "vulnerability": "VCID-xbrc-yrwh-dqaq" }, { "vulnerability": "VCID-y3m4-y1rf-bbbn" }, { "vulnerability": "VCID-yj87-u4zq-xkhn" }, { "vulnerability": "VCID-z6z6-8t1r-bqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@2.14.3-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99332?format=api", "purl": "pkg:deb/debian/php-twig@2.14.3-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@2.14.3-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99322?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xh3-h389-euft" }, { "vulnerability": "VCID-6gnm-463a-ryd1" }, { "vulnerability": "VCID-ej3q-wh2d-c7dp" }, { "vulnerability": "VCID-k8rw-ypuu-gkcw" }, { "vulnerability": "VCID-qxwp-jbbe-jugm" }, { "vulnerability": "VCID-xbrc-yrwh-dqaq" }, { "vulnerability": "VCID-yj87-u4zq-xkhn" }, { "vulnerability": "VCID-z6z6-8t1r-bqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99331?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99333?format=api", "purl": "pkg:deb/debian/php-twig@3.14.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.14.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99327?format=api", "purl": "pkg:deb/debian/php-twig@3.20.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99326?format=api", "purl": "pkg:deb/debian/php-twig@3.27.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-51754", "GHSA-6377-hfv9-hqf6" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nta-9jrh-sbaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211599?format=api", "vulnerability_id": "VCID-fn89-2z7s-bbf3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.585", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46633" }, { "reference_url": "https://github.com/twigphp/Twig", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig" }, { "reference_url": "https://symfony.com/cve-2026-46633", "reference_id": "CVE-2026-46633", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2026-46633" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-46633.yaml", "reference_id": "CVE-2026-46633.YAML", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-46633.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7p85-w9px-jpjp", "reference_id": "GHSA-7p85-w9px-jpjp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p85-w9px-jpjp" }, { "reference_url": "https://github.com/twigphp/Twig/security/advisories/GHSA-7p85-w9px-jpjp", "reference_id": "GHSA-7p85-w9px-jpjp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-7p85-w9px-jpjp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99322?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xh3-h389-euft" }, { "vulnerability": "VCID-6gnm-463a-ryd1" }, { "vulnerability": "VCID-ej3q-wh2d-c7dp" }, { "vulnerability": "VCID-k8rw-ypuu-gkcw" }, { "vulnerability": "VCID-qxwp-jbbe-jugm" }, { "vulnerability": "VCID-xbrc-yrwh-dqaq" }, { "vulnerability": "VCID-yj87-u4zq-xkhn" }, { "vulnerability": "VCID-z6z6-8t1r-bqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99331?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99327?format=api", "purl": "pkg:deb/debian/php-twig@3.20.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99336?format=api", "purl": "pkg:deb/debian/php-twig@3.26.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99337?format=api", "purl": "pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99326?format=api", "purl": "pkg:deb/debian/php-twig@3.27.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-46633", "GHSA-7p85-w9px-jpjp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fn89-2z7s-bbf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211598?format=api", "vulnerability_id": "VCID-k2h4-zuu9-pbfe", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17909", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46629" }, { "reference_url": "https://github.com/twigphp/Twig", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig" }, { "reference_url": "https://symfony.com/cve-2026-46629", "reference_id": "CVE-2026-46629", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2026-46629" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/intl-extra/CVE-2026-46629.yaml", "reference_id": "CVE-2026-46629.YAML", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/intl-extra/CVE-2026-46629.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-35wc-cvqg-78fp", "reference_id": "GHSA-35wc-cvqg-78fp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-35wc-cvqg-78fp" }, { "reference_url": "https://github.com/twigphp/Twig/security/advisories/GHSA-35wc-cvqg-78fp", "reference_id": "GHSA-35wc-cvqg-78fp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-35wc-cvqg-78fp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99322?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xh3-h389-euft" }, { "vulnerability": "VCID-6gnm-463a-ryd1" }, { "vulnerability": "VCID-ej3q-wh2d-c7dp" }, { "vulnerability": "VCID-k8rw-ypuu-gkcw" }, { "vulnerability": "VCID-qxwp-jbbe-jugm" }, { "vulnerability": "VCID-xbrc-yrwh-dqaq" }, { "vulnerability": "VCID-yj87-u4zq-xkhn" }, { "vulnerability": "VCID-z6z6-8t1r-bqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99331?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99327?format=api", "purl": "pkg:deb/debian/php-twig@3.20.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99336?format=api", "purl": "pkg:deb/debian/php-twig@3.26.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99337?format=api", "purl": "pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99326?format=api", "purl": "pkg:deb/debian/php-twig@3.27.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-46629", "GHSA-35wc-cvqg-78fp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2h4-zuu9-pbfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211597?format=api", "vulnerability_id": "VCID-y3m4-y1rf-bbbn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17909", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46628" }, { "reference_url": "https://github.com/twigphp/Twig", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig" }, { "reference_url": "https://symfony.com/cve-2026-46628", "reference_id": "CVE-2026-46628", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2026-46628" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-46628.yaml", "reference_id": "CVE-2026-46628.YAML", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-46628.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-4j38-f5cw-54h7", "reference_id": "GHSA-4j38-f5cw-54h7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4j38-f5cw-54h7" }, { "reference_url": "https://github.com/twigphp/Twig/security/advisories/GHSA-4j38-f5cw-54h7", "reference_id": "GHSA-4j38-f5cw-54h7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twigphp/Twig/security/advisories/GHSA-4j38-f5cw-54h7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99322?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xh3-h389-euft" }, { "vulnerability": "VCID-6gnm-463a-ryd1" }, { "vulnerability": "VCID-ej3q-wh2d-c7dp" }, { "vulnerability": "VCID-k8rw-ypuu-gkcw" }, { "vulnerability": "VCID-qxwp-jbbe-jugm" }, { "vulnerability": "VCID-xbrc-yrwh-dqaq" }, { "vulnerability": "VCID-yj87-u4zq-xkhn" }, { "vulnerability": "VCID-z6z6-8t1r-bqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99331?format=api", "purl": "pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99327?format=api", "purl": "pkg:deb/debian/php-twig@3.20.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99336?format=api", "purl": "pkg:deb/debian/php-twig@3.26.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99337?format=api", "purl": "pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99326?format=api", "purl": "pkg:deb/debian/php-twig@3.27.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-46628", "GHSA-4j38-f5cw-54h7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3m4-y1rf-bbbn" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie" }