Jinja2 is a widely used PyPI package. As of 2026-05-24, there are 16 known vulnerabilities in the OSV database. The latest stable version is 3.1.6. Developers should audit their dependency trees and update to patched versions.
Package Overview
Known Vulnerabilities (16)
| ID | Severity | Score | Affected Versions | Fixed In | Description |
|---|---|---|---|---|---|
| CVE-2019-10906 | HIGH | 7.5 | 0 to 2.10.1 | 2.10.1 | Jinja2 sandbox escape via string formatting |
| CVE-2014-1402 | HIGH | 7.5 | 0 to 2.7.2 | 2.7.2 | Incorrect Privilege Assignment in Jinja2 |
| CVE-2016-10745 | HIGH | 7.5 | 0 to 2.8.1 | 2.8.1 | Jinja2 sandbox escape vulnerability |
| CVE-2025-27516 | MODERATE | 5.0 | 0 to 3.1.6 | 3.1.6 | Jinja2 vulnerable to sandbox breakout through attr filter selecting format method |
| CVE-2014-0012 | MODERATE | 5.0 | 0 to 2.7.2 | 2.7.2 | Insecure Temporary File in Jinja2 |
| CVE-2020-28493 | MODERATE | 5.0 | 0 to 2.11.3 | 2.11.3 | Regular Expression Denial of Service (ReDoS) in Jinja2 |
| CVE-2024-56201 | MODERATE | 5.0 | 3.0.0 to 3.1.5 | 3.1.5 | Jinja has a sandbox breakout through malicious filenames |
| CVE-2024-22195 | MODERATE | 5.0 | 0 to 3.1.3 | 3.1.3 | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter |
| CVE-2024-34064 | MODERATE | 5.0 | 0 to 3.1.4 | 3.1.4 | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter |
| CVE-2024-56326 | MODERATE | 5.0 | 0 to 3.1.5 | 3.1.5 | Jinja has a sandbox breakout through indirect reference to format method |
| CVE-2014-1402 | UNKNOWN | - | 0 to 2.7.2 | 2.7.2 | The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file wit |
| CVE-2014-0012 | UNKNOWN | - | 0 to acb672b6a179567632e032f547582f30fa2f4aa7; 0 to 2.7.3 | acb672b6a179567632e032f547582f30fa2f4aa7 | FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this |
| CVE-2019-10906 | UNKNOWN | - | 0 to 2.10.1 | 2.10.1 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. |
| CVE-2016-10745 | UNKNOWN | - | 0 to 9b53045c34e61013dc8f09b7e52a555fa16bed16; 0 to 2.8.1 | 9b53045c34e61013dc8f09b7e52a555fa16bed16 | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. |
| CVE-2020-28493 | UNKNOWN | - | 0 to 2.11.3 | 2.11.3 | This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the |
| CVE-2025-49142 | UNKNOWN | - | See advisory | N/A | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configur |
Security Recommendations
- Pin Jinja2 to the latest stable version (3.1.6) in your dependency manifest
- Enable automated dependency updates with Dependabot or Renovate
- Run regular vulnerability scans using
pip-audit - Review your lock file (requirements.txt) after every update
- Monitor the OSV database and NIST NVD for new advisories
FAQ
Is Jinja2 safe to use?
Jinja2 is actively maintained and widely used. As of 2026-05-24, there are 16 known vulnerabilities listed in the OSV database. Most have patches available. Keeping your dependencies updated and running regular security audits significantly reduces risk.
What vulnerabilities does Jinja2 have?
The OSV database currently lists 16 vulnerabilities for Jinja2. These range in severity and are detailed in the vulnerability table above. Check the linked advisories for full technical details and remediation guidance.
How do I update Jinja2 to fix vulnerabilities?
Run pip install --upgrade jinja2 to get the newest version. Use pip-audit or safety check to scan for known vulnerabilities. Pin your dependencies with a requirements file and review updates regularly.
Using AI-Generated Code with Jinja2?
Our vibe coding security audit checks for misconfigurations, exposed secrets and vulnerable dependencies in AI-generated codebases. If your project uses Jinja2, we can verify it is locked to a safe version and properly configured.
Get a Vibe Coding Security Audit