handlebarsjs

Top products

The 10 most recently published vulnerabilities affecting handlebarsjs.

• CVE-2026-33941Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options8.2Mar 27, 2026
• CVE-2026-33940Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial8.1Mar 27, 2026
• CVE-2026-33939Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation7.5Mar 27, 2026
• CVE-2026-33938Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block8.1Mar 27, 2026
• CVE-2026-33937Handlebars.js has JavaScript Injection via AST Type Confusion9.8Mar 27, 2026
• CVE-2026-33916Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection4.7Mar 27, 2026
• CVE-2021-23383Prototype Pollution5.6May 4, 2021
• CVE-2021-23369Remote Code Execution (RCE)5.6Apr 12, 2021
• CVE-2019-20920Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute a...8.1Sep 30, 2020
• CVE-2019-20922Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may all...7.5Sep 30, 2020