[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-22195":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":97,"related":98,"reserved_at":9,"published_at":115,"modified_at":116,"state":117,"summary":118,"references_raw":127,"kevs":189,"epss":190,"epss_history":193,"metrics":456,"affected":469},"CVE-2024-22195","Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46],"GHSA-h5c8-rqwp-cp95",[],[49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95],{"_key":50},"ALPINE-CVE-2024-22195",{"_key":52},"SUSE-SU-2024:1863-2",{"_key":54},"UBUNTU-CVE-2024-22195",{"_key":56},"SUSE-SU-2024:1863-1",{"_key":58},"SUSE-SU-2024:1864-1",{"_key":60},"OPENSUSE-SU-2024:13581-1",{"_key":62},"DLA-3715-1",{"_key":64},"DLA-3988-1",{"_key":66},"SUSE-SU-2025:20035-1",{"_key":68},"MGASA-2024-0199",{"_key":70},"DEBIAN-CVE-2024-22195",{"_key":72},"USN-6599-1",{"_key":74},"RHSA-2024:1057",{"_key":76},"RHSA-2024:1155",{"_key":78},"RHSA-2024:1536",{"_key":80},"RHSA-2024:1878",{"_key":82},"RHSA-2024:2010",{"_key":84},"RHSA-2024:2132",{"_key":86},"RHSA-2024:2348",{"_key":88},"RHSA-2024:2733",{"_key":90},"RHSA-2024:2968",{"_key":92},"RHSA-2024:2987",{"_key":94},"RHSA-2024:3102",{"_key":96},"RHSA-2024:1640",[],[99,100,101,102,103,104,105,107,109,111,113],{"_key":52},{"_key":56},{"_key":58},{"_key":60},{"_key":66},{"_key":68},{"_key":106},"CGA-493Q-4X4C-MFJV",{"_key":108},"CGA-557C-34R4-4Q66",{"_key":110},"CGA-F27Q-C9F6-2V7H",{"_key":112},"CGA-HGVF-WWM9-3343",{"_key":114},"CGA-894C-WFP5-9W62","2024-01-11T02:25:44.239Z","2025-11-03T21:53:45.551Z","Modified",{"cisa_kev":119,"cisa_ransomware":119,"cisa_vendor":9,"epss_severity":120,"epss_score":121,"severity":122,"severity_score":123,"severity_version":124,"severity_source":125,"severity_vector":126,"severity_status":117},false,"low",0.00151,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[128,137,143,147,151,155,159,163,168,172,177,181,185],{"url":129,"sources":130,"tags":133},"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95",[131,125,132],"cve.org","osv_pypi",[134,135,136],"X Refsource CONFIRM","Third Party Advisory","WEB",{"url":138,"sources":139,"tags":140},"https://github.com/pallets/jinja/releases/tag/3.1.3",[131,125,132],[141,142,136],"X Refsource MISC","Release Notes",{"url":144,"sources":145,"tags":146},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/",[131,125],[],{"url":148,"sources":149,"tags":150},"https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html",[131,125,132],[136],{"url":152,"sources":153,"tags":154},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/",[131,125],[],{"url":156,"sources":157,"tags":158},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/",[131,125],[],{"url":160,"sources":161,"tags":162},"https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html",[131,125,132],[136],{"url":164,"sources":165,"tags":166},"https://nvd.nist.gov/vuln/detail/CVE-2024-22195",[132],[167],"Advisory",{"url":169,"sources":170,"tags":171},"https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7",[132],[136],{"url":173,"sources":174,"tags":175},"https://github.com/pallets/jinja",[132],[176],"PACKAGE",{"url":178,"sources":179,"tags":180},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2",[132],[136],{"url":182,"sources":183,"tags":184},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP",[132],[136],{"url":186,"sources":187,"tags":188},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3",[132],[136],[],{"date":191,"score":121,"percentile":192},"2026-06-04",0.35377,[194,198,201,204,207,210,212,215,218,221,224,227,230,233,235,239,242,245,247,250,253,256,259,262,265,268,271,274,277,280,282,285,287,290,293,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,346,349,351,354,357,359,362,365,368,371,374,377,380,382,385,388,391,394,397,400,402,405,408,411,414,417,420,423,426,429,432,435,438,441,444,447,450,453],{"date":195,"score":196,"percentile":197},"2025-11-04",0.00111,0.30256,{"date":199,"score":196,"percentile":200},"2025-11-05",0.30236,{"date":202,"score":196,"percentile":203},"2025-11-06",0.30248,{"date":205,"score":196,"percentile":206},"2025-11-07",0.30255,{"date":208,"score":196,"percentile":209},"2025-11-08",0.30257,{"date":211,"score":196,"percentile":200},"2025-11-09",{"date":213,"score":196,"percentile":214},"2025-11-10",0.30214,{"date":216,"score":196,"percentile":217},"2025-11-11",0.30232,{"date":219,"score":196,"percentile":220},"2025-11-12",0.30275,{"date":222,"score":196,"percentile":223},"2025-11-13",0.30292,{"date":225,"score":196,"percentile":226},"2025-11-14",0.30288,{"date":228,"score":196,"percentile":229},"2025-11-15",0.30282,{"date":231,"score":196,"percentile":232},"2025-11-16",0.30254,{"date":234,"score":196,"percentile":200},"2025-11-17",{"date":236,"score":237,"percentile":238},"2025-11-18",0.00522,0.64317,{"date":240,"score":237,"percentile":241},"2025-11-19",0.64326,{"date":243,"score":237,"percentile":244},"2025-11-20",0.64324,{"date":246,"score":196,"percentile":220},"2025-11-21",{"date":248,"score":196,"percentile":249},"2025-11-22",0.30284,{"date":251,"score":196,"percentile":252},"2025-11-23",0.3025,{"date":254,"score":196,"percentile":255},"2025-11-24",0.30228,{"date":257,"score":196,"percentile":258},"2025-11-25",0.30223,{"date":260,"score":196,"percentile":261},"2025-11-26",0.30221,{"date":263,"score":196,"percentile":264},"2025-11-27",0.30234,{"date":266,"score":196,"percentile":267},"2025-11-28",0.30211,{"date":269,"score":196,"percentile":270},"2025-11-29",0.30201,{"date":272,"score":196,"percentile":273},"2025-11-30",0.30177,{"date":275,"score":196,"percentile":276},"2025-12-01",0.30252,{"date":278,"score":196,"percentile":279},"2025-12-02",0.30285,{"date":281,"score":196,"percentile":226},"2025-12-03",{"date":283,"score":196,"percentile":284},"2025-12-04",0.3019,{"date":286,"score":196,"percentile":217},"2025-12-05",{"date":288,"score":196,"percentile":289},"2025-12-06",0.3023,{"date":291,"score":196,"percentile":292},"2025-12-07",0.30206,{"date":294,"score":196,"percentile":267},"2025-12-08",{"date":296,"score":196,"percentile":297},"2025-12-09",0.30269,{"date":299,"score":196,"percentile":300},"2025-12-10",0.30331,{"date":302,"score":196,"percentile":303},"2025-12-11",0.3036,{"date":305,"score":196,"percentile":306},"2025-12-12",0.30391,{"date":308,"score":196,"percentile":309},"2025-12-13",0.3038,{"date":311,"score":196,"percentile":312},"2025-12-14",0.30355,{"date":314,"score":196,"percentile":315},"2025-12-15",0.30324,{"date":317,"score":196,"percentile":318},"2025-12-16",0.30342,{"date":320,"score":196,"percentile":321},"2025-12-17",0.30383,{"date":323,"score":196,"percentile":324},"2025-12-18",0.30433,{"date":326,"score":196,"percentile":327},"2025-12-19",0.30446,{"date":329,"score":196,"percentile":330},"2025-12-20",0.30422,{"date":332,"score":196,"percentile":333},"2025-12-21",0.30375,{"date":335,"score":196,"percentile":336},"2025-12-22",0.30334,{"date":338,"score":196,"percentile":339},"2025-12-23",0.3031,{"date":341,"score":196,"percentile":342},"2025-12-24",0.30315,{"date":344,"score":196,"percentile":345},"2025-12-25",0.30388,{"date":347,"score":196,"percentile":348},"2025-12-26",0.30387,{"date":350,"score":196,"percentile":306},"2025-12-27",{"date":352,"score":196,"percentile":353},"2025-12-28",0.30312,{"date":355,"score":196,"percentile":356},"2025-12-29",0.30286,{"date":358,"score":196,"percentile":279},"2025-12-30",{"date":360,"score":196,"percentile":361},"2025-12-31",0.30336,{"date":363,"score":196,"percentile":364},"2026-01-01",0.30464,{"date":366,"score":196,"percentile":367},"2026-01-02",0.30455,{"date":369,"score":196,"percentile":370},"2026-01-03",0.30431,{"date":372,"score":196,"percentile":373},"2026-01-04",0.30303,{"date":375,"score":196,"percentile":376},"2026-01-05",0.30295,{"date":378,"score":196,"percentile":379},"2026-01-06",0.30305,{"date":381,"score":196,"percentile":361},"2026-01-07",{"date":383,"score":196,"percentile":384},"2026-01-08",0.30363,{"date":386,"score":196,"percentile":387},"2026-01-09",0.30357,{"date":389,"score":196,"percentile":390},"2026-01-10",0.30352,{"date":392,"score":196,"percentile":393},"2026-01-11",0.3032,{"date":395,"score":196,"percentile":396},"2026-01-12",0.30261,{"date":398,"score":196,"percentile":399},"2026-01-13",0.30238,{"date":401,"score":196,"percentile":249},"2026-01-14",{"date":403,"score":196,"percentile":404},"2026-01-15",0.30281,{"date":406,"score":196,"percentile":407},"2026-01-16",0.30307,{"date":409,"score":196,"percentile":410},"2026-01-17",0.303,{"date":412,"score":196,"percentile":413},"2026-01-18",0.30242,{"date":415,"score":196,"percentile":416},"2026-01-19",0.30207,{"date":418,"score":196,"percentile":419},"2026-01-20",0.30192,{"date":421,"score":196,"percentile":422},"2026-01-21",0.30137,{"date":424,"score":196,"percentile":425},"2026-01-22",0.30112,{"date":427,"score":196,"percentile":428},"2026-01-23",0.30179,{"date":430,"score":196,"percentile":431},"2026-01-24",0.30187,{"date":433,"score":196,"percentile":434},"2026-01-25",0.30115,{"date":436,"score":196,"percentile":437},"2026-01-26",0.30041,{"date":439,"score":196,"percentile":440},"2026-01-27",0.30029,{"date":442,"score":196,"percentile":443},"2026-01-28",0.30012,{"date":445,"score":121,"percentile":446},"2026-01-29",0.35932,{"date":448,"score":121,"percentile":449},"2026-01-30",0.35924,{"date":451,"score":121,"percentile":452},"2026-01-31",0.35934,{"date":454,"score":121,"percentile":455},"2026-02-01",0.36044,[457,464,467],{"source":131,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":458,"cvss_v4_0":9},{"baseScore":459,"baseSeverity":460,"vectorString":461,"impactScore":462,"exploitabilityScore":463},5.4,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",4.2,7.2,{"source":125,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":465,"cvss_v4_0":9},{"baseScore":123,"baseSeverity":460,"vectorString":126,"impactScore":466,"exploitabilityScore":463},4.5,{"source":132,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":468,"cvss_v4_0":9},{"baseScore":459,"baseSeverity":9,"vectorString":461,"impactScore":462,"exploitabilityScore":463},[470,480,486],{"ecosystem":9,"name":471,"vendor":472,"product":471,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"jinja","pallets","a",[475],{"version":476,"is_range":477,"range_type":131,"version_start":9,"version_start_type":9,"version_end":478,"version_end_type":479,"fixed_in":9},"\u003C 3.1.3",true,"3.1.3","excluding",{"ecosystem":9,"name":471,"vendor":481,"product":471,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":482},"palletsprojects",[483],{"version":484,"is_range":477,"range_type":485,"version_start":9,"version_start_type":9,"version_end":478,"version_end_type":479,"fixed_in":9},"lt3.1.3","cpe",{"ecosystem":487,"name":488,"vendor":487,"product":488,"cpe_part":9,"purl_type":489,"purl_namespace":9,"purl_name":488,"source":9,"versions":490},"PyPI","jinja2","pypi",[491],{"version":492,"is_range":477,"range_type":493,"version_start":9,"version_start_type":9,"version_end":478,"version_end_type":479,"fixed_in":9},"lt3_1_3","ecosystem"]