— PyPI
PYSEC-2014-8 · CVE-2014-1402, GHSA-8r7q-cvjq-x353 Modified: 11/8/2023
package
PyPI / jinja2
pkg:pypi/jinja2
— PyPI
PYSEC-2014-82 · CVE-2014-0012, GHSA-fqh9-2qgg-h84h Modified: 11/8/2023
— PyPI
PYSEC-2019-217 · CVE-2019-10906, GHSA-462w-v97r-4m45 Modified: 11/8/2023
— PyPI
PYSEC-2019-220 · CVE-2016-10745, GHSA-hj2j-77xm-mc5v Modified: 11/8/2023
— PyPI
PYSEC-2021-66 · CVE-2020-28493, GHSA-g3rq-g295-4j3m Modified: 11/8/2023
HIGH 7.1 PyPI
PYSEC-2025-74 · CVE-2025-49142, GHSA-wjw6-95h5-4jpx Modified: 5/19/2026
HIGH 8.6 PyPI
GHSA-462w-v97r-4m45 · CVE-2019-10906, PYSEC-2019-217 Jinja2 sandbox escape via string formatting
Modified: 9/24/2024
HIGH 8.4 PyPI
GHSA-8r7q-cvjq-x353 · CVE-2014-1402, PYSEC-2014-8 Incorrect Privilege Assignment in Jinja2
Modified: 9/24/2024
MEDIUM PyPI
GHSA-cpwx-vrp4-4pq7 · CVE-2025-27516 Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
Modified: 2/4/2026
MEDIUM 6.2 PyPI
GHSA-fqh9-2qgg-h84h · CVE-2014-0012, PYSEC-2014-82 Insecure Temporary File in Jinja2
Modified: 9/23/2024
MEDIUM 5.3 PyPI
GHSA-g3rq-g295-4j3m · CVE-2020-28493, PYSEC-2021-66 Regular Expression Denial of Service (ReDoS) in Jinja2
Modified: 2/14/2025
HIGH 8.8 PyPI
GHSA-gmj6-6f8f-6699 · CVE-2024-56201 Jinja has a sandbox breakout through malicious filenames
Modified: 2/4/2026
MEDIUM 5.4 PyPI
GHSA-h5c8-rqwp-cp95 · CVE-2024-22195 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Modified: 2/4/2026
MEDIUM 5.4 PyPI
GHSA-h75v-3vvj-5mfj · CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Modified: 2/4/2026
HIGH 8.6 PyPI
GHSA-hj2j-77xm-mc5v · CVE-2016-10745, PYSEC-2019-220 Jinja2 sandbox escape vulnerability
Modified: 9/24/2024
HIGH 7.8 PyPI
GHSA-q2x7-8rv6-6q7h · CVE-2024-56326 Jinja has a sandbox breakout through indirect reference to format method
Modified: 2/4/2026