[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-28493":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":96,"duplicate_of":9,"upstream":100,"downstream":101,"duplicates":140,"related":141,"reserved_at":9,"published_at":151,"modified_at":152,"state":153,"summary":154,"references_raw":162,"kevs":223,"epss":224,"epss_history":227,"metrics":487,"affected":505},"CVE-2020-28493","This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[87],{"_key":88,"name":89,"source":90,"url":91,"maturity":92,"reliability_score":93,"verified":94,"type":9,"platforms":95,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_4CFAE456CA6D4496","Exploit Reference (snyk.io)","reference","https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994","unknown",0.2,false,[],[97,98,99],"GHSA-g3rq-g295-4j3m","PYSEC-2021-66","SNYK-PYTHON-JINJA2-1012994",[],[102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138],{"_key":103},"ALPINE-CVE-2020-28493",{"_key":105},"SUSE-SU-2021:0654-1",{"_key":107},"RHSA-2021:4161",{"_key":109},"SUSE-SU-2021:0601-1",{"_key":111},"SUSE-SU-2021:0602-1",{"_key":113},"SUSE-SU-2021:0603-1",{"_key":115},"SUSE-SU-2021:0607-1",{"_key":117},"SUSE-SU-2021:14644-1",{"_key":119},"UBUNTU-CVE-2020-28493",{"_key":121},"OPENSUSE-SU-2024:11208-1",{"_key":123},"OPENSUSE-SU-2024:13930-1",{"_key":125},"RHSA-2021:3252",{"_key":127},"RHSA-2021:4151",{"_key":129},"RHSA-2021:3254",{"_key":131},"RHSA-2021:4162",{"_key":133},"MGASA-2021-0178",{"_key":135},"DEBIAN-CVE-2020-28493",{"_key":137},"USN-5701-1",{"_key":139},"USN-6599-1",[],[142,143,144,145,146,147,148,149,150],{"_key":105},{"_key":109},{"_key":111},{"_key":113},{"_key":115},{"_key":117},{"_key":121},{"_key":123},{"_key":133},"2021-02-01T19:30:16.601Z","2024-09-16T17:24:01.606Z","Modified",{"cisa_kev":94,"cisa_ransomware":94,"cisa_vendor":9,"epss_severity":155,"epss_score":156,"severity":157,"severity_score":158,"severity_version":159,"severity_source":160,"severity_vector":161,"severity_status":153},"low",0.00207,"medium",5.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",[163,173,178,183,189,194,198,202,206,211,215,219],{"url":91,"sources":164,"tags":167},[160,165,166],"nvd","osv_pypi",[168,169,170,171,172],"X Refsource MISC","Exploit","Third Party Advisory","WEB","Advisory",{"url":174,"sources":175,"tags":176},"https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20",[160,165,166],[168,177,171],"Broken Link",{"url":179,"sources":180,"tags":181},"https://github.com/pallets/jinja/pull/1343",[160,165,166],[168,182,170,171],"Patch",{"url":184,"sources":185,"tags":186},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/",[160,165],[187,188],"Vendor Advisory","X Refsource FEDORA",{"url":190,"sources":191,"tags":192},"https://security.gentoo.org/glsa/202107-19",[160,165,166],[187,193,170,171],"X Refsource GENTOO",{"url":195,"sources":196,"tags":197},"https://nvd.nist.gov/vuln/detail/CVE-2020-28493",[166],[172],{"url":199,"sources":200,"tags":201},"https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d",[166],[171],{"url":203,"sources":204,"tags":205},"https://github.com/advisories/GHSA-g3rq-g295-4j3m",[166],[172],{"url":207,"sources":208,"tags":209},"https://github.com/pallets/jinja",[166],[210],"PACKAGE",{"url":212,"sources":213,"tags":214},"https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2021-66.yaml",[166],[171],{"url":216,"sources":217,"tags":218},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4",[166],[171],{"url":220,"sources":221,"tags":222},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/",[166],[171],[],{"date":225,"score":156,"percentile":226},"2026-06-04",0.4297,[228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,274,277,280,283,286,289,292,295,298,301,304,307,310,313,315,318,321,324,327,330,332,335,337,340,343,346,348,351,354,357,360,363,366,369,372,374,376,379,382,385,388,391,394,397,400,403,406,409,412,414,417,419,422,425,427,430,433,436,439,442,445,447,450,453,456,459,462,464,467,470,473,475,478,481,484],{"date":229,"score":156,"percentile":230},"2025-11-04",0.43104,{"date":232,"score":156,"percentile":233},"2025-11-05",0.431,{"date":235,"score":156,"percentile":236},"2025-11-06",0.43113,{"date":238,"score":156,"percentile":239},"2025-11-07",0.4314,{"date":241,"score":156,"percentile":242},"2025-11-08",0.43139,{"date":244,"score":156,"percentile":245},"2025-11-09",0.43118,{"date":247,"score":156,"percentile":248},"2025-11-10",0.43083,{"date":250,"score":156,"percentile":251},"2025-11-11",0.43102,{"date":253,"score":156,"percentile":254},"2025-11-12",0.43136,{"date":256,"score":156,"percentile":257},"2025-11-13",0.43149,{"date":259,"score":156,"percentile":260},"2025-11-14",0.43161,{"date":262,"score":156,"percentile":263},"2025-11-15",0.43157,{"date":265,"score":156,"percentile":266},"2025-11-16",0.43142,{"date":268,"score":156,"percentile":269},"2025-11-17",0.43115,{"date":271,"score":272,"percentile":273},"2025-11-18",0.01559,0.79909,{"date":275,"score":272,"percentile":276},"2025-11-19",0.79913,{"date":278,"score":272,"percentile":279},"2025-11-20",0.7992,{"date":281,"score":156,"percentile":282},"2025-11-21",0.43094,{"date":284,"score":156,"percentile":285},"2025-11-22",0.43092,{"date":287,"score":156,"percentile":288},"2025-11-23",0.43067,{"date":290,"score":156,"percentile":291},"2025-11-24",0.43059,{"date":293,"score":156,"percentile":294},"2025-11-25",0.43073,{"date":296,"score":156,"percentile":297},"2025-11-26",0.4307,{"date":299,"score":156,"percentile":300},"2025-11-27",0.43076,{"date":302,"score":156,"percentile":303},"2025-11-28",0.43047,{"date":305,"score":156,"percentile":306},"2025-11-29",0.43026,{"date":308,"score":156,"percentile":309},"2025-11-30",0.43006,{"date":311,"score":156,"percentile":312},"2025-12-01",0.4313,{"date":314,"score":156,"percentile":266},"2025-12-02",{"date":316,"score":156,"percentile":317},"2025-12-03",0.43143,{"date":319,"score":156,"percentile":320},"2025-12-04",0.43004,{"date":322,"score":156,"percentile":323},"2025-12-05",0.43029,{"date":325,"score":156,"percentile":326},"2025-12-06",0.43023,{"date":328,"score":156,"percentile":329},"2025-12-07",0.43003,{"date":331,"score":156,"percentile":309},"2025-12-08",{"date":333,"score":156,"percentile":334},"2025-12-09",0.43038,{"date":336,"score":156,"percentile":233},"2025-12-10",{"date":338,"score":156,"percentile":339},"2025-12-11",0.43129,{"date":341,"score":156,"percentile":342},"2025-12-12",0.43154,{"date":344,"score":156,"percentile":345},"2025-12-13",0.43138,{"date":347,"score":156,"percentile":230},"2025-12-14",{"date":349,"score":156,"percentile":350},"2025-12-15",0.43088,{"date":352,"score":156,"percentile":353},"2025-12-16",0.43114,{"date":355,"score":156,"percentile":356},"2025-12-17",0.43158,{"date":358,"score":156,"percentile":359},"2025-12-18",0.43196,{"date":361,"score":156,"percentile":362},"2025-12-19",0.43214,{"date":364,"score":156,"percentile":365},"2025-12-20",0.43191,{"date":367,"score":156,"percentile":368},"2025-12-21",0.43155,{"date":370,"score":156,"percentile":371},"2025-12-22",0.43132,{"date":373,"score":156,"percentile":312},"2025-12-23",{"date":375,"score":156,"percentile":257},"2025-12-24",{"date":377,"score":156,"percentile":378},"2025-12-25",0.43197,{"date":380,"score":156,"percentile":381},"2025-12-26",0.43179,{"date":383,"score":156,"percentile":384},"2025-12-27",0.43199,{"date":386,"score":156,"percentile":387},"2025-12-28",0.43103,{"date":389,"score":156,"percentile":390},"2025-12-29",0.43085,{"date":392,"score":156,"percentile":393},"2025-12-30",0.43078,{"date":395,"score":156,"percentile":396},"2025-12-31",0.43123,{"date":398,"score":156,"percentile":399},"2026-01-01",0.43264,{"date":401,"score":156,"percentile":402},"2026-01-02",0.43238,{"date":404,"score":156,"percentile":405},"2026-01-03",0.43227,{"date":407,"score":156,"percentile":408},"2026-01-04",0.43064,{"date":410,"score":156,"percentile":411},"2026-01-05",0.43043,{"date":413,"score":156,"percentile":303},"2026-01-06",{"date":415,"score":156,"percentile":416},"2026-01-07",0.43068,{"date":418,"score":156,"percentile":282},"2026-01-08",{"date":420,"score":156,"percentile":421},"2026-01-09",0.43072,{"date":423,"score":156,"percentile":424},"2026-01-10",0.43074,{"date":426,"score":156,"percentile":303},"2026-01-11",{"date":428,"score":156,"percentile":429},"2026-01-12",0.42998,{"date":431,"score":156,"percentile":432},"2026-01-13",0.42977,{"date":434,"score":156,"percentile":435},"2026-01-14",0.43028,{"date":437,"score":156,"percentile":438},"2026-01-15",0.43021,{"date":440,"score":156,"percentile":441},"2026-01-16",0.4304,{"date":443,"score":156,"percentile":444},"2026-01-17",0.4301,{"date":446,"score":156,"percentile":226},"2026-01-18",{"date":448,"score":156,"percentile":449},"2026-01-19",0.42941,{"date":451,"score":156,"percentile":452},"2026-01-20",0.42934,{"date":454,"score":156,"percentile":455},"2026-01-21",0.42938,{"date":457,"score":156,"percentile":458},"2026-01-22",0.42939,{"date":460,"score":156,"percentile":461},"2026-01-23",0.42994,{"date":463,"score":156,"percentile":320},"2026-01-24",{"date":465,"score":156,"percentile":466},"2026-01-25",0.42946,{"date":468,"score":156,"percentile":469},"2026-01-26",0.42905,{"date":471,"score":156,"percentile":472},"2026-01-27",0.42906,{"date":474,"score":156,"percentile":469},"2026-01-28",{"date":476,"score":156,"percentile":477},"2026-01-29",0.42891,{"date":479,"score":156,"percentile":480},"2026-01-30",0.42901,{"date":482,"score":156,"percentile":483},"2026-01-31",0.42912,{"date":485,"score":156,"percentile":486},"2026-02-01",0.43033,[488,493,500],{"source":160,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":489,"cvss_v4_0":9},{"baseScore":158,"baseSeverity":490,"vectorString":161,"impactScore":491,"exploitabilityScore":492},"MEDIUM",2.3,10,{"source":165,"cvss_v2_0":494,"cvss_v3_0":9,"cvss_v3_1":498,"cvss_v4_0":9},{"baseScore":495,"baseSeverity":9,"vectorString":496,"impactScore":497,"exploitabilityScore":492},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,{"baseScore":158,"baseSeverity":490,"vectorString":499,"impactScore":491,"exploitabilityScore":492},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",{"source":166,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":501,"cvss_v4_0":502},{"baseScore":158,"baseSeverity":9,"vectorString":499,"impactScore":491,"exploitabilityScore":492},{"baseScore":503,"baseSeverity":9,"vectorString":504,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",[506,514,524],{"ecosystem":9,"name":507,"vendor":508,"product":507,"cpe_part":509,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":510},"fedora","fedoraproject","o",[511],{"version":512,"is_range":94,"range_type":513,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33","cpe",{"ecosystem":9,"name":515,"vendor":516,"product":515,"cpe_part":517,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":518},"jinja","palletsprojects","a",[519],{"version":520,"is_range":521,"range_type":513,"version_start":9,"version_start_type":9,"version_end":522,"version_end_type":523,"fixed_in":9},"lt2.11.3",true,"2.11.3","excluding",{"ecosystem":525,"name":526,"vendor":525,"product":526,"cpe_part":9,"purl_type":527,"purl_namespace":9,"purl_name":526,"source":9,"versions":528},"PyPI","jinja2","pypi",[529],{"version":530,"is_range":521,"range_type":531,"version_start":9,"version_start_type":9,"version_end":522,"version_end_type":523,"fixed_in":9},"lt2_11_3","ecosystem"]