Jinja2
This hub aggregates every CVE we track for Jinja2, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
1
Critical
5
High
0
In CISA KEV
Severity distribution
HIGH5MEDIUM5CRITICAL1
Monthly trend
0
0
0
0
2
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 11 most recently published vulnerabilities affecting Jinja2.
- CVE-2025-27516Jinja sandbox breakout through attr filter selecting format method8.8
- CVE-2024-56326Jinja has a sandbox breakout through indirect reference to format method7.8
- CVE-2024-56201Jinja has a sandbox breakout through malicious filenames8.8
- CVE-2024-34064Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter5.4
- CVE-2024-22195Jinja vulnerable to Cross-Site Scripting (XSS)5.4
- CVE-2020-28493Regular Expression Denial of Service (ReDoS)5.3
- CVE-2016-10745In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.8.6
- CVE-2019-10906In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.8.6
- CVE-2019-8341An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then r...9.8
- CVE-2014-1402The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file ...4.4
- CVE-2014-0012FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: t...4.4
Product normalization is registry-driven with AI assist and human review. How it works