RHCOS 9 : OpenShift Container Platform 4.12.72 (RHSA-2025:0834)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:0834 advisory. - jinja2: Jinja has a sandbox breakout through malicious filenames CVE-2024-56201 - jinja2: Jinja has a sandbox breakout through...

RHCOS 9 : OpenShift Container Platform 4.13.55 (RHSA-2025:1118)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1118 advisory. - jinja2: Jinja has a sandbox breakout through malicious filenames CVE-2024-56201 - jinja2: Jinja has a sandbox breakout through...

PT-2026-33382

Impact Up to 1.0.0 of home-assitant-cli or hass-cli for short an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and...

CVE-2025-23211

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24...

Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2025-27516]

Summary The Jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2025-27516 Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the...

Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-56326, CVE-2024-56201]

Summary The Jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-56326, CVE-2024-56201 Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversig...

Advisory ROSA-SA-2025-3105

Software: python-jinja2 2.10.1 OS: ROSA Virtualization 2.1 packageevrstring: python-jinja2-2.10.1-6.rv3 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jinja2-3.1.5-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jinja2-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment...

EUVD-2014-0023

Malware in sbrugna...

EUVD-2025-3143

Malicious code in bioql PyPI...

RLSA-2025:7476 Important: python-jinja2 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

EulerOS 2.0 SP11 : python-jinja2 (EulerOS-SA-2025-1966)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filte...

RockyLinux 9 : fence-agents (RLSA-2025:3113)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3113 advisory. jinja2: Jinja sandbox breakout through attr filter selecting format method CVE-2025-27516 Tenable has extracted the preceding description block directly from the...

Security Bulletin: IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516.

Summary IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6...

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-34064]

Summary The jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys...

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-22195]

Summary The jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-22195 Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Jinja is an extensible templating engine. Special placeholders in the template allow...

TencentOS Server 3: python-jinja2 (TSSA-2024:0203)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0203 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Security Bulletin: IBM watsonx Code Assistant On Prem product impacted by Input Handling Vulnerability in Jinja2 3.1.5

Summary A vulnerability CVE-2025-27516 has been identified in the jinja2 Python templating library version 3.1.5, which impacts the IBM watsonx Code Assistant On-Premises product. The issue stems from improper handling of untrusted template input, which may allow attackers to bypass sandbox...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl CVE-2025-27516

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl CVE-2025-27516. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.40 security and extras update

Red Hat OpenShift Container Platform release 4.16.40 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a security impact of...