{"url":"http://public2.vulnerablecode.io/api/packages/99331?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie","type":"deb","namespace":"debian","name":"php-twig","version":"3.5.1-1+deb12u3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.8.0-4","latest_non_vulnerable_version":"3.27.1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213226?format=json","vulnerability_id":"VCID-1696-td9u-rfhz","summary":"Twig: XSS in profiler HtmlDumper via unescaped template and profile names","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-47730","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11434","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11427","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-47730"},{"reference_url":"https://github.com/twigphp/Twig","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig"},{"reference_url":"https://symfony.com/cve-2026-47730","reference_id":"CVE-2026-47730","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-47730"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-47730.yaml","reference_id":"CVE-2026-47730.YAML","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-47730.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2g2g-8p8h-fgwm","reference_id":"GHSA-2g2g-8p8h-fgwm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2g2g-8p8h-fgwm"},{"reference_url":"https://github.com/twigphp/Twig/security/advisories/GHSA-2g2g-8p8h-fgwm","reference_id":"GHSA-2g2g-8p8h-fgwm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-2g2g-8p8h-fgwm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99335?format=json","purl":"pkg:deb/debian/php-twig@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99324?format=json","purl":"pkg:deb/debian/php-twig@2.14.3-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz2-ypah-a3h5"},{"vulnerability":"VCID-2xh3-h389-euft"},{"vulnerability":"VCID-6gnm-463a-ryd1"},{"vulnerability":"VCID-ej3q-wh2d-c7dp"},{"vulnerability":"VCID-fn89-2z7s-bbf3"},{"vulnerability":"VCID-k2h4-zuu9-pbfe"},{"vulnerability":"VCID-k8rw-ypuu-gkcw"},{"vulnerability":"VCID-qxwp-jbbe-jugm"},{"vulnerability":"VCID-xbrc-yrwh-dqaq"},{"vulnerability":"VCID-y3m4-y1rf-bbbn"},{"vulnerability":"VCID-yj87-u4zq-xkhn"},{"vulnerability":"VCID-z6z6-8t1r-bqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@2.14.3-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99322?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xh3-h389-euft"},{"vulnerability":"VCID-6gnm-463a-ryd1"},{"vulnerability":"VCID-ej3q-wh2d-c7dp"},{"vulnerability":"VCID-k8rw-ypuu-gkcw"},{"vulnerability":"VCID-qxwp-jbbe-jugm"},{"vulnerability":"VCID-xbrc-yrwh-dqaq"},{"vulnerability":"VCID-yj87-u4zq-xkhn"},{"vulnerability":"VCID-z6z6-8t1r-bqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99331?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99327?format=json","purl":"pkg:deb/debian/php-twig@3.20.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99336?format=json","purl":"pkg:deb/debian/php-twig@3.26.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99337?format=json","purl":"pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99326?format=json","purl":"pkg:deb/debian/php-twig@3.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-47730","GHSA-2g2g-8p8h-fgwm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1696-td9u-rfhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211602?format=json","vulnerability_id":"VCID-1gz2-ypah-a3h5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46637","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19095","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19077","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46637"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46637","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46637"},{"reference_url":"https://github.com/twigphp/Twig","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig"},{"reference_url":"https://symfony.com/cve-2026-46637","reference_id":"CVE-2026-46637","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-46637"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/cssinliner-extra/CVE-2026-46637.yaml","reference_id":"CVE-2026-46637.YAML","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/cssinliner-extra/CVE-2026-46637.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/markdown-extra/CVE-2026-46637.yaml","reference_id":"CVE-2026-46637.YAML","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/markdown-extra/CVE-2026-46637.yaml"},{"reference_url":"https://github.com/advisories/GHSA-jv8m-2544-3pg3","reference_id":"GHSA-jv8m-2544-3pg3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jv8m-2544-3pg3"},{"reference_url":"https://github.com/twigphp/Twig/security/advisories/GHSA-jv8m-2544-3pg3","reference_id":"GHSA-jv8m-2544-3pg3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-jv8m-2544-3pg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99322?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xh3-h389-euft"},{"vulnerability":"VCID-6gnm-463a-ryd1"},{"vulnerability":"VCID-ej3q-wh2d-c7dp"},{"vulnerability":"VCID-k8rw-ypuu-gkcw"},{"vulnerability":"VCID-qxwp-jbbe-jugm"},{"vulnerability":"VCID-xbrc-yrwh-dqaq"},{"vulnerability":"VCID-yj87-u4zq-xkhn"},{"vulnerability":"VCID-z6z6-8t1r-bqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99331?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99327?format=json","purl":"pkg:deb/debian/php-twig@3.20.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99336?format=json","purl":"pkg:deb/debian/php-twig@3.26.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99337?format=json","purl":"pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99326?format=json","purl":"pkg:deb/debian/php-twig@3.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-46637","GHSA-jv8m-2544-3pg3"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gz2-ypah-a3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35098?format=json","vulnerability_id":"VCID-9nta-9jrh-sbaz","summary":"Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51754","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33348","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33329","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33148","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51754"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2024-51754.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2024-51754.yaml"},{"reference_url":"https://github.com/twigphp/Twig","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00039.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51754","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51754"},{"reference_url":"https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086884","reference_id":"1086884","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086884"},{"reference_url":"https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73","reference_id":"2bb8c2460a2c519c498df9b643d5277117155a73","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T19:40:22Z/"}],"url":"https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73"},{"reference_url":"https://github.com/advisories/GHSA-6377-hfv9-hqf6","reference_id":"GHSA-6377-hfv9-hqf6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6377-hfv9-hqf6"},{"reference_url":"https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6","reference_id":"GHSA-6377-hfv9-hqf6","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T19:40:22Z/"}],"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6"},{"reference_url":"https://usn.ubuntu.com/7456-1/","reference_id":"USN-7456-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7456-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99324?format=json","purl":"pkg:deb/debian/php-twig@2.14.3-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz2-ypah-a3h5"},{"vulnerability":"VCID-2xh3-h389-euft"},{"vulnerability":"VCID-6gnm-463a-ryd1"},{"vulnerability":"VCID-ej3q-wh2d-c7dp"},{"vulnerability":"VCID-fn89-2z7s-bbf3"},{"vulnerability":"VCID-k2h4-zuu9-pbfe"},{"vulnerability":"VCID-k8rw-ypuu-gkcw"},{"vulnerability":"VCID-qxwp-jbbe-jugm"},{"vulnerability":"VCID-xbrc-yrwh-dqaq"},{"vulnerability":"VCID-y3m4-y1rf-bbbn"},{"vulnerability":"VCID-yj87-u4zq-xkhn"},{"vulnerability":"VCID-z6z6-8t1r-bqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@2.14.3-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99332?format=json","purl":"pkg:deb/debian/php-twig@2.14.3-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@2.14.3-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99322?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xh3-h389-euft"},{"vulnerability":"VCID-6gnm-463a-ryd1"},{"vulnerability":"VCID-ej3q-wh2d-c7dp"},{"vulnerability":"VCID-k8rw-ypuu-gkcw"},{"vulnerability":"VCID-qxwp-jbbe-jugm"},{"vulnerability":"VCID-xbrc-yrwh-dqaq"},{"vulnerability":"VCID-yj87-u4zq-xkhn"},{"vulnerability":"VCID-z6z6-8t1r-bqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99331?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99333?format=json","purl":"pkg:deb/debian/php-twig@3.14.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.14.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99327?format=json","purl":"pkg:deb/debian/php-twig@3.20.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99326?format=json","purl":"pkg:deb/debian/php-twig@3.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-51754","GHSA-6377-hfv9-hqf6"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nta-9jrh-sbaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211599?format=json","vulnerability_id":"VCID-fn89-2z7s-bbf3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46633","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58516","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.585","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46633"},{"reference_url":"https://github.com/twigphp/Twig","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig"},{"reference_url":"https://symfony.com/cve-2026-46633","reference_id":"CVE-2026-46633","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-46633"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-46633.yaml","reference_id":"CVE-2026-46633.YAML","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-46633.yaml"},{"reference_url":"https://github.com/advisories/GHSA-7p85-w9px-jpjp","reference_id":"GHSA-7p85-w9px-jpjp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7p85-w9px-jpjp"},{"reference_url":"https://github.com/twigphp/Twig/security/advisories/GHSA-7p85-w9px-jpjp","reference_id":"GHSA-7p85-w9px-jpjp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-7p85-w9px-jpjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99322?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xh3-h389-euft"},{"vulnerability":"VCID-6gnm-463a-ryd1"},{"vulnerability":"VCID-ej3q-wh2d-c7dp"},{"vulnerability":"VCID-k8rw-ypuu-gkcw"},{"vulnerability":"VCID-qxwp-jbbe-jugm"},{"vulnerability":"VCID-xbrc-yrwh-dqaq"},{"vulnerability":"VCID-yj87-u4zq-xkhn"},{"vulnerability":"VCID-z6z6-8t1r-bqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99331?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99327?format=json","purl":"pkg:deb/debian/php-twig@3.20.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99336?format=json","purl":"pkg:deb/debian/php-twig@3.26.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99337?format=json","purl":"pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99326?format=json","purl":"pkg:deb/debian/php-twig@3.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-46633","GHSA-7p85-w9px-jpjp"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fn89-2z7s-bbf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211598?format=json","vulnerability_id":"VCID-k2h4-zuu9-pbfe","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46629","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17926","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17909","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46629"},{"reference_url":"https://github.com/twigphp/Twig","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig"},{"reference_url":"https://symfony.com/cve-2026-46629","reference_id":"CVE-2026-46629","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-46629"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/intl-extra/CVE-2026-46629.yaml","reference_id":"CVE-2026-46629.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/intl-extra/CVE-2026-46629.yaml"},{"reference_url":"https://github.com/advisories/GHSA-35wc-cvqg-78fp","reference_id":"GHSA-35wc-cvqg-78fp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35wc-cvqg-78fp"},{"reference_url":"https://github.com/twigphp/Twig/security/advisories/GHSA-35wc-cvqg-78fp","reference_id":"GHSA-35wc-cvqg-78fp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-35wc-cvqg-78fp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99322?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xh3-h389-euft"},{"vulnerability":"VCID-6gnm-463a-ryd1"},{"vulnerability":"VCID-ej3q-wh2d-c7dp"},{"vulnerability":"VCID-k8rw-ypuu-gkcw"},{"vulnerability":"VCID-qxwp-jbbe-jugm"},{"vulnerability":"VCID-xbrc-yrwh-dqaq"},{"vulnerability":"VCID-yj87-u4zq-xkhn"},{"vulnerability":"VCID-z6z6-8t1r-bqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99331?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99327?format=json","purl":"pkg:deb/debian/php-twig@3.20.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99336?format=json","purl":"pkg:deb/debian/php-twig@3.26.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99337?format=json","purl":"pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99326?format=json","purl":"pkg:deb/debian/php-twig@3.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-46629","GHSA-35wc-cvqg-78fp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2h4-zuu9-pbfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211597?format=json","vulnerability_id":"VCID-y3m4-y1rf-bbbn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46628","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17926","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17909","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46628"},{"reference_url":"https://github.com/twigphp/Twig","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig"},{"reference_url":"https://symfony.com/cve-2026-46628","reference_id":"CVE-2026-46628","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2026-46628"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-46628.yaml","reference_id":"CVE-2026-46628.YAML","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2026-46628.yaml"},{"reference_url":"https://github.com/advisories/GHSA-4j38-f5cw-54h7","reference_id":"GHSA-4j38-f5cw-54h7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4j38-f5cw-54h7"},{"reference_url":"https://github.com/twigphp/Twig/security/advisories/GHSA-4j38-f5cw-54h7","reference_id":"GHSA-4j38-f5cw-54h7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-4j38-f5cw-54h7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99322?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xh3-h389-euft"},{"vulnerability":"VCID-6gnm-463a-ryd1"},{"vulnerability":"VCID-ej3q-wh2d-c7dp"},{"vulnerability":"VCID-k8rw-ypuu-gkcw"},{"vulnerability":"VCID-qxwp-jbbe-jugm"},{"vulnerability":"VCID-xbrc-yrwh-dqaq"},{"vulnerability":"VCID-yj87-u4zq-xkhn"},{"vulnerability":"VCID-z6z6-8t1r-bqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99331?format=json","purl":"pkg:deb/debian/php-twig@3.5.1-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99327?format=json","purl":"pkg:deb/debian/php-twig@3.20.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.20.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99336?format=json","purl":"pkg:deb/debian/php-twig@3.26.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.26.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99337?format=json","purl":"pkg:deb/debian/php-twig@3.27.0-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.0-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99326?format=json","purl":"pkg:deb/debian/php-twig@3.27.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.27.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-46628","GHSA-4j38-f5cw-54h7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3m4-y1rf-bbbn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-twig@3.5.1-1%252Bdeb12u3%3Fdistro=trixie"}