{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T09:31:43.573","vulnerabilities":[{"cve":{"id":"CVE-2025-24374","sourceIdentifier":"security-advisories@github.com","published":"2025-01-29T16:15:44.090","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0."},{"lang":"es","value":"Twig es un lenguaje de plantillas para PHP. Al utilizar el operador ??, no se podía escapar la salida de la expresión del lado izquierdo del operador. Esta vulnerabilidad se ha corregido en la versión 3.19.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/twigphp/Twig/commit/38576b12f05df3cc871bf68f39ccb46b418334a3","source":"security-advisories@github.com"},{"url":"https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr","source":"security-advisories@github.com"}]}}]}