CVE-2026-40602
The Home Assistant command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assistant-cli, an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...
CVE-2025-69516
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
CVE-2025-1040
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...
EUVD-2025-17714
Malicious code in bioql PyPI...
CVE-2025-49142
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
GHSA-WJW6-95H5-4JPX Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Impact: What kind of vulnerability is it? Who is impacted? All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot: 1. A malicious...
PYSEC-2025-79
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
CVE-2025-49142
CVE-2025-49142 affects Nautobot prior to 2.4.10 and prior to 1.6.32. The issue arises from misconfigurations in the Jinja2 templating used in computed fields, custom links, etc., allowing a malicious user to expose secret values or to invoke Python APIs to modify data when templated content is re...
PT-2025-24685 · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 1.6.32 Nautobot versions prior to 2.4.10 Description: The issue arises from insufficient security configuration of the Jinja2 templating feature in Nautobot, which can be exploited by a malicious user to expose...
CVE-2025-1040
CVE-2025-1040 : AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that can lead to Remote Code Execution (RCE). The root cause is improper handling of user-supplied format strings in the AgentOutputBlock, where input is passed to the Jinja2 templating en...
Linux Distros Unpatched Vulnerability : CVE-2017-7481
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, th...
Server-side Template Injection (SSTI)
ethyca/fides is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input sanitization and lack of rendering environment restrictions in the Jinja2 templating engine used in the Email Templating feature of Fides, which allows privileged users to execute remote...
The vulnerability in the Jinja2 HTML templating engine, a template language interpreter for Python, allows attackers to trigger a denial-of-service attack.
The vulnerability in the Jinja2 HTML templating engine, a Python-based template language interpreter, is related to improper cleanup or release of resources. Exploiting this vulnerability can allow a remote attacker to cause service failures...
PYSEC-2021-853
vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...
The vulnerability in the `from_string` function of the Jinja2 templater allows an attacker to compromise the confidentiality and integrity of protected information.
The vulnerability in the `from_string` function of the Jinja2 templater for the Python programming language is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of protected information...
DEBIAN-CVE-2017-7481
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...