Is jinja2 safe to use?

jinja2 has 1 known vulnerabilities on the latest version (3.1.6). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of jinja2?

The latest version of jinja2 is 3.1.6, released 2025-03-05.

Does jinja2 have known vulnerabilities?

Yes. jinja2 has 1 known vulnerabilities. See depscope.dev/pkg/pypi/jinja2 for details.

Is jinja2 deprecated?

No, jinja2 is actively maintained. Latest release: 3.1.6 (2025-03-05).

What are alternatives to jinja2?

Popular alternatives to jinja2 in PyPI include: boto3, packaging, urllib3, requests, idna.

What license does jinja2 use?

jinja2 is licensed under BSD-3-Clause.

jinja2

pypiv3.1.6

A very fast and expressive template engine.

License BSD-3-Clausepermissive52 versions2 deps138,479,296 weekly dl

pallets/jinja/

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Moderate health score (60/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

10/25

maintenance

20/20

popularity

20/25

security

15/15

maturity

8/15

community

0/15

popularity_floor

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2025-49142	Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data wi	—

OSS Scorecard

OpenSSF security posture score

5.6/10

moderate

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

2

Primary author dominance

91%

GitHub stars

11,582

single active maintainer 3msingle author dominance

Quality signals

OSS Criticality

0.53high

Download trend

stable(0%)

Publish security

API token

Health History

Dependency Tree

License Audit

Dependencies (2)

MarkupSafe Babel

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/jinja2

Browse all pypi packages →

Last updated · 2025-03-05T20:05:00.369721Z

Severity

Summary

Fixed in

high

CVE-2025-49142

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data wi

—