90 matches found
Astra Linux - vulnerability in jinja2
Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys that contain non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each of these characters would be interpreted as the start of a separate attribute. If an...
Astra Linux - vulnerability in jinja2
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, which could potentially lead to Cross-Site Scripting (XSS). The Jinja xmlattr filter can be...
Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in Jinja via xmlattr Filter Attribute Injection affects watsonx.data
Summary: A vulnerability in Jinja allows attackers to inject arbitrary HTML attributes through the xmlattr filter, potentially bypassing escaping and validation mechanisms. This can lead to Cross-Site Scripting (XSS) in affected applications. This can affect watsonx.data. Vulnerability Details...
MiracleLinux 9 : fence-agents-4.10.0-62.el9_4.3 (AXSA:2024-8287:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8287:07 advisory. jinja2: accepts keys containing non-attribute characters CVE-2024-34064 CVE-2024-34064 Jinja is an extensible templating engine. The xmlattr filter in affect...
TencentOS Server 3: python-jinja2 (TSSA-2024:0306)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0306 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2024-22195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary...
EUVD-2024-0365
Malicious code in bioql PyPI...
EUVD-2024-1641
Malicious code in bioql PyPI...
TencentOS Server 3: python-jinja2 (TSSA-2024:0203)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0203 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
jinja2: accepts keys containing non-attribute characters
A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...
SUSE-SU-2025:20035-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2024-34064, CVE-2024-22195: HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980, bsc#1218722)...
jinja2: accepts keys containing non-attribute characters
A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2642)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
K000141253: Python vulnerability CVE-2024-22195
Security Advisory Description: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja...
EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2024-2356)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters...
jinja2: accepts keys containing non-attribute characters
A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...
ROS-20240902-04
A vulnerability in the xmlattr filter of the Jinja2 templating engine for the Python programming language is related to the failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting...
jinja2: accepts keys containing non-attribute characters
A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...
jinja2: accepts keys containing non-attribute characters
A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2127)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...