VYPR

Dynaconf

by Dynaconf

pypi: dynaconf

Source repositories

CVEs (1)

  • CVE-2026-33154HigMar 20, 2026
    risk 0.42cvss 7.5epss 0.01

    dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template…