VYPR

PyPI package

dynaconf

pkg:pypi/dynaconf

Vulnerabilities (1)

  • CVE-2026-33154HigMar 20, 2026
    affected < 3.2.13fixed 3.2.13

    dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions