Security
Headlines

Headlines Latest CVEs

Headline

GHSA-7cw6-7h3h-v8pf: Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact

We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map(…) override

Patches

Patched in 6.7.6.1

Workarounds

Install the security plugin

8 hours ago

#git #intel #php

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2026-23498

Shopware Has Improper Control of Generation of Code in Twig rendered views

High severity GitHub Reviewed Published Jan 14, 2026 in shopware/shopware • Updated Jan 14, 2026

Package

composer shopware/core (Composer)

Affected versions

>= 6.7.0.0, < 6.7.6.1

Description

Published to the GitHub Advisory Database

Jan 14, 2026

Last updated

Jan 14, 2026

EPSS score

ghsa: Latest News

GHSA-595p-g7xc-c333: Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

3 hours ago

GHSA-73rr-hh4g-fpgx: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

3 hours ago

GHSA-mqqf-5wvp-8fh8: chi has an open redirect vulnerability in the RedirectSlashes middleware

4 hours ago

GHSA-qvr7-7g55-69xj: Pimcore Has an Incomplete Patch for CVE-2023-30848

4 hours ago

GHSA-g9mf-h72j-4rw9: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

4 hours ago