Security Advisories - symfony/twig-bridge - Packagist.org

symfony/twig-bridge Security Advisories for v6.4.25 (1)

[LOW] CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering

PKSA-11dz-rdmf-vfgt CVE-2026-45072 GHSA-hmr5-2xcr-v8pp

Affected version: >=6.4.24,<6.4.40

Reported by:
GitHub, FriendsOfPHP/security-advisories