copier
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting copier (page 1 of 1)
- CVE-2025-55201 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 9.9.1 | 2025-08-18
vulnerable: 2.0.0 ... 9.9.0 (69 versions)
Copier is a library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O me…
- CVE-2025-55214 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 9.9.1 | 2025-08-18
vulnerable: 7.1.0 ... 9.9.0 (20 versions)
Copier is a library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which…
- CVE-2026-34726 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 9.14.1 | 2026-04-02
vulnerable: 2.0.0 ... 9.9.1 (82 versions)
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-dire…
- CVE-2026-34730 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 9.14.1 | 2026-04-02
vulnerable: 2.0.0 ... 9.9.1 (82 versions)
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _external_data feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a maliciou…