Package details: pkg:pypi/jinja2@2.9.2
purl: pkg:pypi/jinja2@2.9.2
Next non-vulnerable version: 2.11.3
Latest non-vulnerable version: 3.1.6
Risk
Vulnerabilities affecting this package (2)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-6qd1-fm49-rued (Aliases: CVE-2019-10906, GHSA-462w-v97r-4m45, PYSEC-2019-217) | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 2.10.1 (affected by 1 other vulnerability) |
| VCID-cnfu-ah5v-hudm (Aliases: CVE-2020-28493, GHSA-g3rq-g295-4j3m, PYSEC-2021-66, SNYK-PYTHON-JINJA2-1012994) | This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re` regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. | 2.11.3 (affected by 0 other vulnerabilities) |

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-05-30T04:36:19.554214+00:00 | GitLab Importer | Affected by | VCID-cnfu-ah5v-hudm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Jinja2/CVE-2020-28493.yml | 38.6.0 |
| 2026-05-30T04:03:28.961067+00:00 | GitLab Importer | Affected by | VCID-6qd1-fm49-rued | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Jinja2/CVE-2019-10906.yml | 38.6.0 |
| 2026-05-29T16:35:56.860619+00:00 | PyPI Importer | Affected by | VCID-cnfu-ah5v-hudm | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-05-29T16:34:29.263218+00:00 | PyPI Importer | Affected by | VCID-6qd1-fm49-rued | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-05-29T08:35:57.266988+00:00 | Pypa Importer | Affected by | VCID-cnfu-ah5v-hudm | https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2021-66.yaml | 38.6.0 |
| 2026-05-29T08:33:13.940423+00:00 | Pypa Importer | Affected by | VCID-6qd1-fm49-rued | https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2019-217.yaml | 38.6.0 |