[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-10906":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":56,"related":57,"reserved_at":9,"published_at":66,"modified_at":67,"state":68,"summary":69,"references_raw":78,"kevs":251,"epss":252,"epss_history":255,"metrics":509,"affected":525},"CVE-2019-10906","In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[20,21],"GHSA-462w-v97r-4m45","PYSEC-2019-217",[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54],{"_key":25},"RHSA-2019:1152",{"_key":27},"RHSA-2019:1237",{"_key":29},"RHSA-2019:1329",{"_key":31},"SUSE-SU-2019:1156-1",{"_key":33},"SUSE-SU-2019:1554-1",{"_key":35},"SUSE-SU-2020:3096-1",{"_key":37},"SUSE-SU-2020:3897-1",{"_key":39},"UBUNTU-CVE-2019-10906",{"_key":41},"USN-4011-1",{"_key":43},"USN-4011-2",{"_key":45},"OPENSUSE-SU-2019:1395-1",{"_key":47},"OPENSUSE-SU-2024:11208-1",{"_key":49},"OPENSUSE-SU-2024:13930-1",{"_key":51},"MGASA-2019-0177",{"_key":53},"DEBIAN-CVE-2019-10906",{"_key":55},"RHSA-2019:3172",[],[58,59,60,61,62,63,64,65],{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":45},{"_key":47},{"_key":49},{"_key":51},"2019-04-06T23:17:03.000Z","2024-08-04T22:40:15.214Z","Modified",{"cisa_kev":70,"cisa_ransomware":70,"cisa_vendor":9,"epss_severity":71,"epss_score":72,"severity":73,"severity_score":74,"severity_version":75,"severity_source":76,"severity_vector":77,"severity_status":68},false,"low",0.02334,"high",8.6,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",[79,90,96,100,104,108,112,116,120,124,129,133,137,144,149,153,157,162,166,170,174,178,182,186,190,194,198,202,206,210,214,218,222,226,230,235,239,243,247],{"url":80,"sources":81,"tags":84},"https://palletsprojects.com/blog/jinja-2-10-1-released",[82,76,83],"cve.org","osv_pypi",[85,86,87,88,89],"X Refsource MISC","Release Notes","Vendor Advisory","WEB","ARTICLE",{"url":91,"sources":92,"tags":93},"https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284%40%3Cdevnull.infra.apache.org%3E",[82,76],[94,95],"Mailing List","X Refsource MLIST",{"url":97,"sources":98,"tags":99},"https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da%40%3Ccommits.airflow.apache.org%3E",[82,76],[94,95],{"url":101,"sources":102,"tags":103},"https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316%40%3Ccommits.airflow.apache.org%3E",[82,76],[94,95],{"url":105,"sources":106,"tags":107},"https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02%40%3Ccommits.airflow.apache.org%3E",[82,76],[94,95],{"url":109,"sources":110,"tags":111},"https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df%40%3Cdevnull.infra.apache.org%3E",[82,76],[94,95],{"url":113,"sources":114,"tags":115},"https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac%40%3Cdevnull.infra.apache.org%3E",[82,76],[94,95],{"url":117,"sources":118,"tags":119},"https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993%40%3Ccommits.airflow.apache.org%3E",[82,76],[94,95],{"url":121,"sources":122,"tags":123},"https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f%40%3Cdevnull.infra.apache.org%3E",[82,76],[94,95],{"url":125,"sources":126,"tags":127},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/",[82,76],[87,128],"X Refsource FEDORA",{"url":130,"sources":131,"tags":132},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/",[82,76],[87,128],{"url":134,"sources":135,"tags":136},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/",[82,76],[87,128],{"url":138,"sources":139,"tags":140},"https://access.redhat.com/errata/RHSA-2019:1152",[82,76,83],[87,141,142,88,143],"X Refsource REDHAT","Third Party Advisory","Advisory",{"url":145,"sources":146,"tags":147},"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html",[82,76,83],[87,148,94,142,88],"X Refsource SUSE",{"url":150,"sources":151,"tags":152},"https://access.redhat.com/errata/RHSA-2019:1237",[82,76,83],[87,141,142,88,143],{"url":154,"sources":155,"tags":156},"https://access.redhat.com/errata/RHSA-2019:1329",[82,76,83],[87,141,142,88,143],{"url":158,"sources":159,"tags":160},"https://usn.ubuntu.com/4011-1/",[82,76,83],[87,161,142,88],"X Refsource UBUNTU",{"url":163,"sources":164,"tags":165},"https://usn.ubuntu.com/4011-2/",[82,76,83],[87,161,142,88],{"url":167,"sources":168,"tags":169},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html",[82,76,83],[87,148,94,142,88],{"url":171,"sources":172,"tags":173},"https://nvd.nist.gov/vuln/detail/CVE-2019-10906",[83],[143],{"url":175,"sources":176,"tags":177},"https://usn.ubuntu.com/4011-2",[83],[88],{"url":179,"sources":180,"tags":181},"https://usn.ubuntu.com/4011-1",[83],[88],{"url":183,"sources":184,"tags":185},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ",[83],[88],{"url":187,"sources":188,"tags":189},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU",[83],[88],{"url":191,"sources":192,"tags":193},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF",[83],[88],{"url":195,"sources":196,"tags":197},"https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E",[83],[88],{"url":199,"sources":200,"tags":201},"https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E",[83],[88],{"url":203,"sources":204,"tags":205},"https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E",[83],[88],{"url":207,"sources":208,"tags":209},"https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E",[83],[88],{"url":211,"sources":212,"tags":213},"https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E",[83],[88],{"url":215,"sources":216,"tags":217},"https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E",[83],[88],{"url":219,"sources":220,"tags":221},"https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E",[83],[88],{"url":223,"sources":224,"tags":225},"https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E",[83],[88],{"url":227,"sources":228,"tags":229},"https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-217.yaml",[83],[88],{"url":231,"sources":232,"tags":233},"https://github.com/pallets/jinja",[83],[234],"PACKAGE",{"url":236,"sources":237,"tags":238},"https://github.com/advisories/GHSA-462w-v97r-4m45",[83],[143],{"url":240,"sources":241,"tags":242},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/",[83],[88],{"url":244,"sources":245,"tags":246},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/",[83],[88],{"url":248,"sources":249,"tags":250},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/",[83],[88],[],{"date":253,"score":72,"percentile":254},"2026-06-04",0.85136,[256,260,263,265,268,271,273,276,279,282,285,288,291,293,295,299,302,305,308,311,314,316,319,321,324,327,330,332,335,338,341,344,347,350,353,355,358,361,364,367,370,373,376,379,381,384,387,390,393,395,398,401,403,406,410,413,416,418,421,424,427,430,433,435,437,439,442,445,448,450,453,456,458,460,463,466,469,472,476,478,480,482,484,488,491,494,497,500,503,506],{"date":257,"score":258,"percentile":259},"2025-11-04",0.02615,0.8513,{"date":261,"score":258,"percentile":262},"2025-11-05",0.85134,{"date":264,"score":258,"percentile":254},"2025-11-06",{"date":266,"score":258,"percentile":267},"2025-11-07",0.85143,{"date":269,"score":258,"percentile":270},"2025-11-08",0.85148,{"date":272,"score":258,"percentile":267},"2025-11-09",{"date":274,"score":258,"percentile":275},"2025-11-10",0.85137,{"date":277,"score":258,"percentile":278},"2025-11-11",0.85141,{"date":280,"score":258,"percentile":281},"2025-11-12",0.85153,{"date":283,"score":258,"percentile":284},"2025-11-13",0.8516,{"date":286,"score":258,"percentile":287},"2025-11-14",0.85161,{"date":289,"score":258,"percentile":290},"2025-11-15",0.85156,{"date":292,"score":258,"percentile":290},"2025-11-16",{"date":294,"score":258,"percentile":267},"2025-11-17",{"date":296,"score":297,"percentile":298},"2025-11-18",0.06715,0.90342,{"date":300,"score":297,"percentile":301},"2025-11-19",0.90347,{"date":303,"score":297,"percentile":304},"2025-11-20",0.9035,{"date":306,"score":258,"percentile":307},"2025-11-21",0.85158,{"date":309,"score":258,"percentile":310},"2025-11-22",0.85155,{"date":312,"score":258,"percentile":313},"2025-11-23",0.85146,{"date":315,"score":258,"percentile":270},"2025-11-24",{"date":317,"score":258,"percentile":318},"2025-11-25",0.85144,{"date":320,"score":258,"percentile":313},"2025-11-26",{"date":322,"score":258,"percentile":323},"2025-11-27",0.85147,{"date":325,"score":258,"percentile":326},"2025-11-28",0.85129,{"date":328,"score":258,"percentile":329},"2025-11-29",0.85174,{"date":331,"score":258,"percentile":329},"2025-11-30",{"date":333,"score":258,"percentile":334},"2025-12-01",0.85237,{"date":336,"score":258,"percentile":337},"2025-12-02",0.85241,{"date":339,"score":258,"percentile":340},"2025-12-03",0.85242,{"date":342,"score":258,"percentile":343},"2025-12-04",0.85177,{"date":345,"score":258,"percentile":346},"2025-12-05",0.85181,{"date":348,"score":258,"percentile":349},"2025-12-06",0.85178,{"date":351,"score":258,"percentile":352},"2025-12-07",0.85165,{"date":354,"score":258,"percentile":352},"2025-12-08",{"date":356,"score":258,"percentile":357},"2025-12-09",0.85172,{"date":359,"score":258,"percentile":360},"2025-12-10",0.85194,{"date":362,"score":258,"percentile":363},"2025-12-11",0.852,{"date":365,"score":258,"percentile":366},"2025-12-12",0.85206,{"date":368,"score":258,"percentile":369},"2025-12-13",0.85203,{"date":371,"score":258,"percentile":372},"2025-12-14",0.85199,{"date":374,"score":258,"percentile":375},"2025-12-15",0.85196,{"date":377,"score":258,"percentile":378},"2025-12-16",0.85202,{"date":380,"score":258,"percentile":366},"2025-12-17",{"date":382,"score":258,"percentile":383},"2025-12-18",0.8521,{"date":385,"score":258,"percentile":386},"2025-12-19",0.85214,{"date":388,"score":258,"percentile":389},"2025-12-20",0.85208,{"date":391,"score":258,"percentile":392},"2025-12-21",0.85211,{"date":394,"score":258,"percentile":392},"2025-12-22",{"date":396,"score":258,"percentile":397},"2025-12-23",0.85216,{"date":399,"score":258,"percentile":400},"2025-12-24",0.85222,{"date":402,"score":258,"percentile":334},"2025-12-25",{"date":404,"score":258,"percentile":405},"2025-12-26",0.8524,{"date":407,"score":408,"percentile":409},"2025-12-27",0.01473,0.80548,{"date":411,"score":258,"percentile":412},"2025-12-28",0.85231,{"date":414,"score":258,"percentile":415},"2025-12-29",0.8523,{"date":417,"score":258,"percentile":334},"2025-12-30",{"date":419,"score":258,"percentile":420},"2025-12-31",0.85246,{"date":422,"score":258,"percentile":423},"2026-01-01",0.85306,{"date":425,"score":258,"percentile":426},"2026-01-02",0.85305,{"date":428,"score":258,"percentile":429},"2026-01-03",0.85303,{"date":431,"score":258,"percentile":432},"2026-01-04",0.85238,{"date":434,"score":258,"percentile":412},"2026-01-05",{"date":436,"score":258,"percentile":334},"2026-01-06",{"date":438,"score":258,"percentile":334},"2026-01-07",{"date":440,"score":258,"percentile":441},"2026-01-08",0.85245,{"date":443,"score":258,"percentile":444},"2026-01-09",0.85248,{"date":446,"score":258,"percentile":447},"2026-01-10",0.85244,{"date":449,"score":258,"percentile":405},"2026-01-11",{"date":451,"score":258,"percentile":452},"2026-01-12",0.85234,{"date":454,"score":258,"percentile":455},"2026-01-13",0.85228,{"date":457,"score":258,"percentile":420},"2026-01-14",{"date":459,"score":258,"percentile":441},"2026-01-15",{"date":461,"score":258,"percentile":462},"2026-01-16",0.8525,{"date":464,"score":258,"percentile":465},"2026-01-17",0.85256,{"date":467,"score":258,"percentile":468},"2026-01-18",0.85251,{"date":470,"score":258,"percentile":471},"2026-01-19",0.85247,{"date":473,"score":474,"percentile":475},"2026-01-20",0.02567,0.85123,{"date":477,"score":474,"percentile":326},"2026-01-21",{"date":479,"score":474,"percentile":262},"2026-01-22",{"date":481,"score":474,"percentile":318},"2026-01-23",{"date":483,"score":474,"percentile":310},"2026-01-24",{"date":485,"score":486,"percentile":487},"2026-01-25",0.03322,0.86936,{"date":489,"score":486,"percentile":490},"2026-01-26",0.86931,{"date":492,"score":486,"percentile":493},"2026-01-27",0.86932,{"date":495,"score":486,"percentile":496},"2026-01-28",0.86935,{"date":498,"score":486,"percentile":499},"2026-01-29",0.86937,{"date":501,"score":486,"percentile":502},"2026-01-30",0.86938,{"date":504,"score":486,"percentile":505},"2026-01-31",0.8694,{"date":507,"score":486,"percentile":508},"2026-02-01",0.87005,[510,519],{"source":76,"cvss_v2_0":511,"cvss_v3_0":9,"cvss_v3_1":516,"cvss_v4_0":9},{"baseScore":512,"baseSeverity":9,"vectorString":513,"impactScore":514,"exploitabilityScore":515},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":74,"baseSeverity":517,"vectorString":77,"impactScore":518,"exploitabilityScore":515},"HIGH",6.7,{"source":83,"cvss_v2_0":9,"cvss_v3_0":520,"cvss_v3_1":9,"cvss_v4_0":522},{"baseScore":74,"baseSeverity":9,"vectorString":521,"impactScore":518,"exploitabilityScore":515},"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",{"baseScore":523,"baseSeverity":9,"vectorString":524,"impactScore":9,"exploitabilityScore":9},7.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",[526,545,555,563,573,581],{"ecosystem":9,"name":527,"vendor":528,"product":529,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":531},"ubuntu linux","canonical","ubuntu_linux","o",[532,535,537,539,541,543],{"version":533,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":536,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":538,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":540,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":542,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.10",{"version":544,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.04",{"ecosystem":9,"name":546,"vendor":547,"product":546,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":548},"fedora","fedoraproject",[549,551,553],{"version":550,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"28",{"version":552,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":554,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":556,"vendor":557,"product":556,"cpe_part":530,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":558},"leap","opensuse",[559,561],{"version":560,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":562,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.3",{"ecosystem":9,"name":564,"vendor":565,"product":564,"cpe_part":566,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":567},"jinja","palletsprojects","a",[568],{"version":569,"is_range":570,"range_type":534,"version_start":9,"version_start_type":9,"version_end":571,"version_end_type":572,"fixed_in":9},"lt2.10.1",true,"2.10.1","excluding",{"ecosystem":574,"name":575,"vendor":574,"product":575,"cpe_part":9,"purl_type":576,"purl_namespace":9,"purl_name":575,"source":9,"versions":577},"PyPI","jinja2","pypi",[578],{"version":579,"is_range":570,"range_type":580,"version_start":9,"version_start_type":9,"version_end":571,"version_end_type":572,"fixed_in":9},"lt2_10_1","ecosystem",{"ecosystem":9,"name":582,"vendor":583,"product":584,"cpe_part":566,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":585},"software collections","redhat","software_collections",[586],{"version":587,"is_range":70,"range_type":534,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0"]