VIR Vulnerability Intelligence Relay

Package impact

npm NPM / liquidjs

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45617 high 8.0 8d ago LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
CVE-2026-45357 high 8.0 8d ago LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
CVE-2026-41311 medium 6.5 6.5 26d ago liquidjs has a Denial of Service via circular block reference in layout
CVE-2026-44646 medium 5.5 8d ago LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
CVE-2026-44645 medium 5.5 8d ago LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
CVE-2026-44644 medium 5.5 8d ago LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS