CVE-2022-40023

CVE-2022-40023 affects the Python package mako (and related plugins) with a Regular expression Denial of Service in the Lexer parser when using mako before version 1.2.2. Connected advisories consistently state the issue is fixed in newer mako/python-mako packages across distributions (e.g., Debi...

CVE-2026-41205

Mako (Python) prior to 1.3.11 is affected by a path traversal vulnerability in TemplateLookup.get_template() when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash‑stripping implementations. If an application passes untrusted input directly t...