Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package nunjucks, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2016-10547 — CVSS 6.1 (medium): Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in…
CVE-2023-2142 — CVSS 6.1 (medium): In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality…