nunjucks
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting nunjuckspage 1 of 1
- CVE-2016-10547MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.4.32018-05-31
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an a…
- CVE-2023-2142MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.2.42024-11-26
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible …
Check whether nunjucks is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for nunjucks CVEs against the assets you own.
Start Free Scan →