algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.7) +9 more potentially affected by CVE-2026-34730 via copier (>=9.0.1 <=9.11.3)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0 Source cves: CVE-2026-34730 Source advisory: SNYK:PYTHON-COPIER-15874120...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +38 more potentially affected by CVE-2026-34730 via copier (>=2.3.3 <=9.11.3)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-34730 Source advisory: OSV:GHSA-HGJQ-P8CR-GG4H...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.7) +9 more potentially affected by CVE-2026-34726 via copier (>=9.0.1 <=9.11.3)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0 Source cves: CVE-2026-34726 Source advisory: SNYK:PYTHON-COPIER-15874119...
PT-2026-29668
Name of the Vulnerable Software and Affected Versions: Copier versions prior to 9.14.1 Description: Copier's subdirectory setting, intended to specify the template root, incorrectly allows parent directory traversal sequences like ... This allows a template to escape its directory and render files...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.7) +4 more potentially affected by CVE-2026-23986 via copier (>=9.0.1 <=9.11.1)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =2.14.1, =2.51.0 Source cves: CVE-2026-23986 Source advisory: SNYK:PYTHON-COPIER-15054509...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +37 more potentially affected by CVE-2026-23986 via copier (>=2.3.3 <=9.11.1)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-23986 Source advisory: OSV:GHSA-4FQP-R85R-HXQH...
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE/--trust flag. As it turns out, a safe template can currently write to arbitrary directories outside the...
CVE-2026-23968 Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE/--trust flag. As it...
GHSA-XJHM-GP88-8PFX Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE/--trust flag. As it turns out, a safe template can currently include arbitrary files/directories outsid...
UNIX Symbolic Link (Symlink) Following
Overview copier is a library for rendering project templates. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the symlink resolution process in safe templates when _preserve_symlinks is set to false. An attacker can access arbitrary files or directori...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +37 more potentially affected by CVE-2026-23968 via copier (>=2.3.3 <=9.11.1)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-23968 Source advisory: OSV:GHSA-XJHM-GP88-8PFX...
EUVD-2025-25131
Malicious code in bioql PyPI...
CVE-2025-55214
Copier is a library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE/--trust flag. As it...
GHSA-P7Q8-GRRJ-3M8W Copier's safe template has filesystem write access outside destination path
Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE/--trust flag. As it turns out, a safe template can currently write files outside the destination path...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.6.13) +153 more potentially affected by CVE-2025-55214 via copier (>=7.1.0 <=9.9.0)
copier PYPI version =7.1.0, =0.2.0, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =3.0.0, =0.5.2, =0.3.0, =0.3.4 and more Source cves: CVE-2025-55214 Source advisory: SNYK:PYTHON-COPIER-12009006...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.6.13) +141 more potentially affected by CVE-2025-55201 via copier (>=9.0.1 <=9.9.0)
copier PYPI version =9.0.1, =0.2.0, =0.1.0, =1.0.0, =1.6.1, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =3.0.0, =0.5.2, =0.3.0, =0.3.4 - bidsapps =0.1.0a0 and more Source cves: CVE-2025-55201 Source advisory: SNYK:PYTHON-COPIER-12009009...
PT-2025-33667 · Copier · Copier
Name of the Vulnerable Software and Affected Versions: Copier versions prior to 9.9.1 Description: Copier exposes pathlib.Path objects in the Jinja context with unconstrained I/O methods, allowing a safe template to read and write arbitrary files. This renders the security model regarding...
PT-2025-33669 · Copier · Copier
Name of the Vulnerable Software and Affected Versions: Copier versions 7.1.0 through 9.9.0 Description: Copier, a library and CLI application for rendering project templates, allows for the potential to write files outside the intended destination path when rendering a generated directory structu...