pkg:PyPI/jinja2

16 total CVEs: HIGH 10, MEDIUM 6

All known vulnerabilities

  • HIGH 8.8 CVE-2025-27516: Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
    from 0, < 3.1.6
  • HIGH 8.8 CVE-2024-56201: Jinja has a sandbox breakout through malicious filenames
    >= 3.0.0, < 3.1.5
  • HIGH 8.6 CVE-2019-10906: Jinja2 sandbox escape via string formatting
    from 0, < 2.10.1
  • HIGH 8.6 CVE-2019-10906: Jinja2 sandbox escape via string formatting
    from 0, < 2.10.1
  • HIGH 8.6 CVE-2016-10745: Jinja2 sandbox escape vulnerability
    from 0, < 2.8.1
  • HIGH 8.6 CVE-2016-10745: Jinja2 sandbox escape vulnerability
    from 0, < 9b53045c34e61013dc8f09b7e52a555fa16bed16 | from 0, < 2.8.1
  • HIGH 8.4 CVE-2014-1402: Incorrect Privilege Assignment in Jinja2
    from 0, < 2.7.2
  • HIGH 8.4 CVE-2014-1402: Incorrect Privilege Assignment in Jinja2
    from 0, < 2.7.2
  • HIGH 7.8 CVE-2024-56326: Jinja has a sandbox breakout through indirect reference to format method
    from 0, < 3.1.5
  • HIGH 7.1 CVE-2025-49142: Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
  • MEDIUM 6.2 CVE-2014-0012: Insecure Temporary File in Jinja2
    from 0, < 2.7.2
  • MEDIUM 6.2 CVE-2014-0012: Insecure Temporary File in Jinja2
    from 0, < acb672b6a179567632e032f547582f30fa2f4aa7 | from 0, < 2.7.3
  • MEDIUM 5.4 CVE-2024-34064: Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
    from 0, < 3.1.4
  • MEDIUM 5.4 CVE-2024-22195: Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
    from 0, < 3.1.3
  • MEDIUM 5.3 CVE-2020-28493: Regular Expression Denial of Service (ReDoS) in Jinja2
    from 0, < 2.11.3
  • MEDIUM 5.3 CVE-2020-28493: Regular Expression Denial of Service (ReDoS) in Jinja2
    from 0, < 2.11.3