Pebbletemplates Pebble
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Pebbletemplates Pebble.
By the Year
In 2026 there have been 0 vulnerabilities in Pebbletemplates Pebble. Last year, in 2025 Pebble had 1 security vulnerability published. Right now, Pebble is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 6.80 |
It may take a day or so for new Pebble vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pebbletemplates Pebble Security Vulnerabilities
Pebble External File Path via include tag (CVE-2025-1686)
CVE-2025-1686
6.8 - Medium
- February 27, 2025
Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ. Workaround This vulnerability can be mitigated by disabling the include macro in Pebble Templates: java new PebbleEngine.Builder() .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder() .disallowedTokenParserTags(List.of("include")) .build()) .build();
External Control of File Name or Path
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Pebbletemplates Pebble or by Pebbletemplates? Click the Watch button to subscribe.
